Find a vulnerability
Search criteria
59 vulnerabilities by Nginx
CERTFR-2026-AVI-0775
Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18
De multiples vulnérabilités ont été découvertes dans Nginx. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nginx | Nginx | NGINX Gateway Fabric versions 1.3.0 à 1.6.2 antérieures à 2.6.4 | ||
| Nginx | Nginx | NGINX Plus versions 37.x antérieures à 37.0.2.1 | ||
| Nginx | Nginx | NGINX Open Source versions 1.31.x antérieures à 1.31.2 | ||
| Nginx | Nginx | NGINX Gateway Fabric versions 2.x antérieures à 2.6.4 | ||
| Nginx | Nginx | NGINX Open Source versions 1.30.x antérieures à 1.30.3 | ||
| Nginx | Nginx | NGINX Plus versions R33 à R36 antérieures à R36 P6 |
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX Gateway Fabric versions 1.3.0 \u00e0 1.6.2 ant\u00e9rieures \u00e0 2.6.4",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
},
{
"description": "NGINX Plus versions 37.x ant\u00e9rieures \u00e0 37.0.2.1",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.31.x ant\u00e9rieures \u00e0 1.31.2",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
},
{
"description": "NGINX Gateway Fabric versions 2.x ant\u00e9rieures \u00e0 2.6.4",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.30.x ant\u00e9rieures \u00e0 1.30.3",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
},
{
"description": "NGINX Plus versions R33 \u00e0 R36 ant\u00e9rieures \u00e0 R36 P6",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-42055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42055"
},
{
"name": "CVE-2026-48142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48142"
},
{
"name": "CVE-2026-42530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42530"
}
],
"initial_release_date": "2026-06-18T00:00:00",
"last_revision_date": "2026-06-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0775",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Nginx. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nginx",
"vendor_advisories": [
{
"published_at": "2026-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 Nginx K000161585",
"url": "https://my.f5.com/manage/s/article/K000161585"
},
{
"published_at": "2026-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 Nginx K000161616",
"url": "https://my.f5.com/manage/s/article/K000161616"
},
{
"published_at": "2026-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 Nginx K000161584",
"url": "https://my.f5.com/manage/s/article/K000161584"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000161614",
"url": "https://my.f5.com/manage/s/article/K000161614"
}
]
}
CERTFR-2025-AVI-0691
Vulnerability from certfr_avis - Published: 2025-08-14 - Updated: 2025-08-14
Une vulnérabilité a été découverte dans Nginx. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nginx Plus versions ant\u00e9rieures \u00e0 R35, R34 P2, R33 P3 et R32 P3 avec le module ngx_mail_smtp_module activ\u00e9",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
},
{
"description": "Nginx versions ant\u00e9rieures \u00e0 1.29.1 avec le module ngx_mail_smtp_module activ\u00e9",
"product": {
"name": "Nginx",
"vendor": {
"name": "Nginx",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
}
],
"initial_release_date": "2025-08-14T00:00:00",
"last_revision_date": "2025-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0691",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Nginx. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans Nginx",
"vendor_advisories": [
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000152786",
"url": "https://my.f5.com/manage/s/article/K000152786"
}
]
}
VAR-201404-0592
Vulnerability from variot - Updated: 2026-04-10 23:34The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed.". RubyGems actionpack is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation guideline.
Note: OpenSSL is an external product embedded in HP products.
Bulletin Applicability:
This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.
To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . No user action is required to install them. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions:
671H_GS00601 665H_GS12501 663H_GS04601
HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions:
655H_GS10201
HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below.
Mitigation Instructions
The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI:
Product Configuration Options to Disable TLS Heartbeat Functions
Secure SMI-S CVTL User
Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. ============================================================================ Ubuntu Security Notice USN-2165-1 April 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
OpenSSL could be made to expose sensitive information over the network, possibly including private keys.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. (CVE-2014-0160)
Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12
After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix. Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 ( Security fix ) patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: 5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz bdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz 858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz 4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: d85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz 43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz
Slackware -current packages: 265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz bf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz
Slackware x86_64 -current packages: 27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz 5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. If bulk software or firmware updates are required, use an unaffected or patched version of HP Smart Update Manager (HP SUM) to do single or batch updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rhevm-spice-client security update Advisory ID: RHSA-2014:0416-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0416.html Issue date: 2014-04-17 CVE Names: CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 CVE-2014-0160 =====================================================================
- Summary:
Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEV-M 3.3 - noarch
- Description:
Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.
The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues:
An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. (CVE-2014-0160)
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.
The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers:
CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166
All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets
- Package List:
RHEV-M 3.3:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm
noarch: rhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2012-4929.html https://www.redhat.com/security/data/cve/CVE-2013-0169.html https://www.redhat.com/security/data/cve/CVE-2013-4353.html https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04239372 Version: 4
HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-04-13 Last Updated: 2014-05-13
Potential Security Impact: Remote disclosure of information, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).
References:
CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH):
Product version/Platform Download Location
SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52
SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37
SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a
SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76
SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178
SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37
Notes
SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g
Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability.
Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset.
Frequently Asked Questions
Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents.
What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions
v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2
v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2
v7.2.1 v7.2u1
v7.3.2 v7.2.3 v7.3.2
v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2
v7.3.0 v7.3.0
v7.3.2 not supported v7.3.2
v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2
How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers.
HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd fm4AoKM1d7+F05Xo87Bicnmh0OHidg/O =bK11 -----END PGP SIGNATURE----- . This bulletin will give you the information needed to update your HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64
References: CVE-2014-0160 (SSRT101538)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP is actively working to address this vulnerability for the impacted versions of HP Insight Control server deployment. This bulletin may be revised. It is recommended that customers take the following approaches depending on the version of HP Insight Control server deployment:
To address the vulnerability in an initial installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1 through Step 3 of the following procedure, before initiating an operating system deployment.
To address the vulnerability in a previous installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the following procedure.
Delete the smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, row 1,2,3,4. Delete the affected hpsmh-7.*.rpm" from Component Copy Location listed in the following table, row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location suggested in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 smhx86-cp023242.exe \express\hpfeatures\hpagents-ws\components\Win2003
2 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 smhamd64-cp023243.exe \express\hpfeatures\hpagents-ws\components\Win2003
3 http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0 smhamd64-cp023240.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0 smhx86-cp023239.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Table 1
Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.3.2.2"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"_id": null,
"model": "v60",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.15"
},
{
"_id": null,
"model": "s9922l",
"scope": "eq",
"trust": 1.0,
"vendor": "ricon",
"version": "16.10.3\\(3794\\)"
},
{
"_id": null,
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.0"
},
{
"_id": null,
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.1.2.5"
},
{
"_id": null,
"model": "gluster storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "application processing engine",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"_id": null,
"model": "v100",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.24"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"_id": null,
"model": "simatic s7-1500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"_id": null,
"model": "splunk",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "6.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.10"
},
{
"_id": null,
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.1.3.3"
},
{
"_id": null,
"model": "symantec messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "10.6.1"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"_id": null,
"model": "v100",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.20"
},
{
"_id": null,
"model": "v60",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.25"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "13.10"
},
{
"_id": null,
"model": "cp 1543-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"_id": null,
"model": "wincc open architecture",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.12"
},
{
"_id": null,
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.3.0.104"
},
{
"_id": null,
"model": "splunk",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "6.0.3"
},
{
"_id": null,
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.2.0.11"
},
{
"_id": null,
"model": "elan-8.2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.3.3"
},
{
"_id": null,
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.2"
},
{
"_id": null,
"model": "storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "server",
"scope": "lt",
"trust": 1.0,
"vendor": "filezilla",
"version": "0.9.44"
},
{
"_id": null,
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.1"
},
{
"_id": null,
"model": "simatic s7-1500t",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.4.0.102"
},
{
"_id": null,
"model": "v100",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.21"
},
{
"_id": null,
"model": "symantec messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "10.6.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.3"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arch linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "aruba",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "attachmate",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bee ware",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "extreme",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "global associates",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva s a",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "marklogic",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sophos",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "symantec",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "unisys",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pfsense",
"version": null
},
{
"_id": null,
"model": "studio onsite",
"scope": "eq",
"trust": 0.6,
"vendor": "suse",
"version": "1.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.6,
"vendor": "s u s e",
"version": "13.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.6,
"vendor": "s u s e",
"version": "12.3"
},
{
"_id": null,
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "puppetlabs",
"version": "3.1"
},
{
"_id": null,
"model": "chef",
"scope": "eq",
"trust": 0.6,
"vendor": "opscode",
"version": "11.1.2"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chef",
"scope": "ne",
"trust": 0.6,
"vendor": "opscode",
"version": "11.1.3"
},
{
"_id": null,
"model": "webyast",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"_id": null,
"model": "lifecycle management server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"_id": null,
"model": "actionpack",
"scope": "eq",
"trust": 0.3,
"vendor": "rubygems",
"version": "3.0"
},
{
"_id": null,
"model": "actionpack",
"scope": "eq",
"trust": 0.3,
"vendor": "rubygems",
"version": "4.0.1"
},
{
"_id": null,
"model": "actionpack",
"scope": "eq",
"trust": 0.3,
"vendor": "rubygems",
"version": "3.2.15"
},
{
"_id": null,
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "actionpack",
"scope": "ne",
"trust": 0.3,
"vendor": "rubygems",
"version": "4.0.2"
},
{
"_id": null,
"model": "actionpack",
"scope": "ne",
"trust": 0.3,
"vendor": "rubygems",
"version": "3.2.16"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.7"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.5"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "1.1"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.10"
},
{
"_id": null,
"model": "on rails ruby on rails 3.1.0.rc5",
"scope": null,
"trust": 0.3,
"vendor": "ruby",
"version": null
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0.3"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.4"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.14"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.12"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.4"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "1.2.7"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "1.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.12"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.11"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.17"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.0.1"
},
{
"_id": null,
"model": "cloudforms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.1"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.12"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.15"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.7.1"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.13"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "1.0"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.3"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.16"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.6"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.18"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.4"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "ne",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.17"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.7"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.0"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.5.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.6"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.7"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.8"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.0"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.20"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.2"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.5.1"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.6"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.4"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.6"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.5"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.3"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.7.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.9"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.16"
},
{
"_id": null,
"model": "on rails ruby on rails 3.1.0.rc6",
"scope": null,
"trust": 0.3,
"vendor": "ruby",
"version": null
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.1.8"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.11"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0.2"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.3"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.0.19"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.13"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.11"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.8"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.10"
},
{
"_id": null,
"model": "on rails ruby on rails",
"scope": "eq",
"trust": 0.3,
"vendor": "ruby",
"version": "3.2.2"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.2"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.7"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#720951"
},
{
"db": "BID",
"id": "64074"
},
{
"db": "BID",
"id": "65604"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"credits": {
"_id": null,
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "126605"
},
{
"db": "PACKETSTORM",
"id": "126954"
},
{
"db": "PACKETSTORM",
"id": "126284"
},
{
"db": "PACKETSTORM",
"id": "126361"
},
{
"db": "PACKETSTORM",
"id": "126417"
},
{
"db": "PACKETSTORM",
"id": "126305"
},
{
"db": "PACKETSTORM",
"id": "126644"
},
{
"db": "PACKETSTORM",
"id": "126164"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "PACKETSTORM",
"id": "127085"
},
{
"db": "PACKETSTORM",
"id": "126784"
}
],
"trust": 1.1
},
"cve": "CVE-2014-0160",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 5.0,
"collateralDamagePotential": "LOW-MEDIUM",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "HIGH",
"enviromentalScore": 6.5,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-0160",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2014-0160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0160",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-0160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#720951"
},
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"description": {
"_id": null,
"data": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as \"heartbleed.\". RubyGems actionpack is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to cause denial-of-service conditions. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation\nguideline. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . No user action is\nrequired to install them. \nHP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for\nthe following firmware versions:\n\n671H_GS00601\n665H_GS12501\n663H_GS04601\n\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in\n655H firmware versions:\n\n655H_GS10201\n\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. \nIf the library firmware cannot be updated, HP recommends following the\nMitigation Instructions below. \n\nMitigation Instructions\n\nThe following configuration options that allow access to the Heartbeat\nfunction in the vulnerable versions of OpenSSL are not enabled by default. \nVerify that the following options are \"disabled\" using the Tape Library GUI:\n\nProduct Configuration Options to Disable TLS Heartbeat Functions\n\nSecure SMI-S\nCVTL User\n\nNote: Disabling these features blocks the vulnerable OpenSSL function in both\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\nDrives. The basic functionality of the library is not affected by these\nconfiguration changes and SSL access to the user interface is not affected by\nthis configuration change or setting. ============================================================================\nUbuntu Security Notice USN-2165-1\nApril 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to expose sensitive information over the network,\npossibly including private keys. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS\nheartbeat extension. (CVE-2014-0160)\n\nYuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled\ntiming during swap operations in the Montgomery ladder implementation. An\nattacker could use this issue to perform side-channel attacks and possibly\nrecover ECDSA nonces. (CVE-2014-0076)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.2\n\nUbuntu 12.10:\n libssl1.0.0 1.0.1c-3ubuntu2.7\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.12\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. Since this issue may have resulted in compromised\nprivate keys, it is recommended to regenerate them. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. \n Thanks for Neel Mehta of Google Security for discovering this bug and to\n Adam Langley \u003cagl@chromium.org\u003e and Bodo Moeller \u003cbmoeller@acm.org\u003e for\n preparing the fix. \n Fix for the attack described in the paper \"Recovering OpenSSL\n ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\n by Yuval Yarom and Naomi Benger. Details can be obtained from:\n http://eprint.iacr.org/2014/140\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz\nbdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz\n858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz\n4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz\n43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz\nbf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz\n\nSlackware x86_64 -current packages:\n27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz\n5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \nIf bulk software or firmware updates are required, use an unaffected or\npatched version of HP Smart Update Manager (HP SUM) to do single or batch\nupdates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rhevm-spice-client security update\nAdvisory ID: RHSA-2014:0416-01\nProduct: Red Hat Enterprise Virtualization\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0416.html\nIssue date: 2014-04-17\nCVE Names: CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 \n CVE-2014-0160 \n=====================================================================\n\n1. Summary:\n\nUpdated rhevm-spice-client packages that fix multiple security issues are\nnow available for Red Hat Enterprise Virtualization Manager 3. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV-M 3.3 - noarch\n\n3. Description:\n\nRed Hat Enterprise Virtualization Manager provides access to virtual\nmachines using SPICE. These SPICE client packages provide the SPICE client\nand usbclerk service for both Windows 32-bit operating systems and Windows\n64-bit operating systems. \n\nThe rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE\nclient. OpenSSL, a general purpose cryptography library with a TLS\nimplementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer\npackage has been updated to correct the following issues:\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server. (CVE-2014-0160)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the way OpenSSL handled\nTLS/SSL protocol handshake packets. A specially crafted handshake packet\ncould cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text. \n(CVE-2012-4929)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter. \n\nThe updated mingw-virt-viewer Windows SPICE client further includes OpenSSL\nsecurity fixes that have no security impact on mingw-virt-viewer itself. \nThe security fixes included in this update address the following CVE\nnumbers:\n\nCVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade\nto these updated packages, which address these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets\n1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets\n\n6. Package List:\n\nRHEV-M 3.3:\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm\n\nnoarch:\nrhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-4929.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0169.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4353.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0160.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n\nThe HP SIM software itself is not vulnerable to CVE-2014-0160 (\"Heartbleed\"). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04239372\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04239372\nVersion: 4\n\nHPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on\nLinux and Windows, Remote Disclosure of Information, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-13\nLast Updated: 2014-05-13\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS). \n\nReferences:\n\nCVE-2014-0160 (SSRT101501) Disclosure of Information - \"Heartbleed\"\nCVE-2013-4353 Denial of Service (DoS)\nCVE-2013-6449 Denial of Service (DoS)\nCVE-2013-6450 Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\nv7.3.1 for Linux and Windows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH):\n\nProduct version/Platform\n Download Location\n\nSMH 7.2.3 Windows x86\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n\nSMH 7.2.3 Windows x64\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n\nSMH 7.3.2.1(B) Windows x86\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n\nSMH 7.3.2.1(B) Windows x64\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n\nSMH 7.3.2 Linux x86\n http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178\n\nSMH 7.3.2 Linux x64\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n\nNotes\n\nSMH 7.2.3 recommended for customers running Windows 2003 OS\nUpdated OpenSSL to version 1.0.1g\n\nNote: If you believe your SMH installation was exploited while it was running\ncomponents vulnerable to heartbleed, there are some steps to perform after\nyouve upgraded to the non-vulnerable components. These steps include\nrevoking, recreating, and re-importing certificates and resetting passwords\nthat might have been harvested by a malicious attacker using the heartbleed\nvulnerability. \n\nImpact on VCA - VCRM communication: VCA configures VCRM by importing the SMH\ncertificate from the SMH of VCA into the SMH of VCRM. When this certificate\nis deleted \u0026 regenerated (as suggested before), it needs to be (re)imported\nif the user wants to continue with Trust by Certificate option, and the\noutdated certificate should be revoked (deleted) from each location where it\nwas previously imported. \nIf you use HPSIMs 2-way trust feature, and have imported SMH certificates\ninto HPSIM, you will also need to revoke those SMH certificated from HPSIM\nand reimport the newly created SMH certificates. \nThough SMH uses OS credentials using OS-based APIs, user provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. If you suspect your systems using SMH were exploited while they\nwere vulnerable to heartbleed, these passwords need to be reset. \n\nFrequently Asked Questions\n\nWill updated systems require a reboot after applying the SMH patch?\nNo, reboot of the system will not be required. Installing the new build is\nsufficient to get back to the normal state. \nIs a Firmware Update necessary in addition to the SMH patch?\nNo, only the SMH update is sufficient to remove the heartbleed-vulnerable\nversion of SMH. \nWill new certificates be issued along with the patch, or need to be handled\nseparately?\nIf you suspect the certificate has been compromised due to this\nvulnerability, we do recommend to delete and revoke the certificate, or SMH\nwill reuse the existing certificate. New certificate will be created when SMH\nservice starts (at the end of the fresh / upgrade installation). Instructions\non deleting the certificate are in the notes above. \nWhere can I get SMH documentation?\nAll major documents are available at:\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library\nSelect HP Insight Management under Product and Solutions \u0026 check HP System\nManagement Homepage to get SMH related documents. \n\nWhat are the recommended upgrade paths?\nSee the table below:\nSMH\n DVD\n SPP\n Recommended SMH update for Linux\n Recommended SMH update for Windows 2003 and Widows 2003 R2\n Recommended SMH update for other Windows OS versions\n\nv7.1.2\n v7.1.2\n 2012.10.0\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.0\n v7.2.0\n 2013.02.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.1\n v7.2u1\n\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.2\n v7.2u2\n 2013.09.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.3.0\n v7.3.0\n\n v7.3.2\n not supported\n v7.3.2\n\nv7.3.1\n v7.3.1\n 2014.02.0\n v7.3.2\n not supported\n v7.3.2\n\nHow can I verify whether my setup is patched successfully?\nSMH version can be verified by executing following command on:\nWindows: hp\\hpsmh\\bin\\smhlogreader version\nLinux: /opt/hp/hpsmh/bin/smhlogreader version\nWill VCA-VCRM communication be impacted due to the SMH certificate being\ndeleted?\nVCA configures VCRM by importing the SMH certificate (sslshare\\cert.pem) from\nthe SMH of VCA to the SMH of VCRM. When this certificate is deleted \u0026\nregenerated (as suggested before), it needs to be (re)imported if user wants\nto continue with Trust by Certificate option, and remove the old, previously\nimported certificate. \nShould I reset password on all managed nodes, where SMH was/is running?\nThough SMH uses OS credentials using OS based APIs, user-provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. Passwords need to be reset if you suspect the vulnerable version of\nSMH was exploited by malicious users/ hackers. \n\nHISTORY\nVersion:1 (rev.1) - 13 April 2014 Initial release\nVersion:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released\nVersion:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released\nVersion:4 (rev.4) - 13 May 2014 Added additional remediation steps for post\nupdate installation\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd\nfm4AoKM1d7+F05Xo87Bicnmh0OHidg/O\n=bK11\n-----END PGP SIGNATURE-----\n. This bulletin will give you the information needed to\nupdate your HP Insight Control server deployment solution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\n\nReferences: CVE-2014-0160 (SSRT101538)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is actively working to address this vulnerability for the impacted\nversions of HP Insight Control server deployment. This bulletin may be\nrevised. It is recommended that customers take the following approaches\ndepending on the version of HP Insight Control server deployment:\n\nTo address the vulnerability in an initial installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1\nthrough Step 3 of the following procedure, before initiating an operating\nsystem deployment. \n\nTo address the vulnerability in a previous installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the\nfollowing procedure. \n\nDelete the smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location listed\nin the following table, row 1,2,3,4. \nDelete the affected hpsmh-7.*.rpm\" from Component Copy Location listed in the\nfollowing table, row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nsuggested in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n smhx86-cp023242.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n2\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n smhamd64-cp023243.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n3\n http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0\n smhamd64-cp023240.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0\n smhx86-cp023239.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nTable 1\n\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0160"
},
{
"db": "CERT/CC",
"id": "VU#720951"
},
{
"db": "BID",
"id": "64074"
},
{
"db": "BID",
"id": "65604"
},
{
"db": "PACKETSTORM",
"id": "126644"
},
{
"db": "PACKETSTORM",
"id": "126784"
},
{
"db": "PACKETSTORM",
"id": "127085"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "126086"
},
{
"db": "PACKETSTORM",
"id": "126164"
},
{
"db": "PACKETSTORM",
"id": "126305"
},
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "PACKETSTORM",
"id": "126197"
},
{
"db": "PACKETSTORM",
"id": "126361"
},
{
"db": "PACKETSTORM",
"id": "126284"
},
{
"db": "PACKETSTORM",
"id": "126954"
},
{
"db": "PACKETSTORM",
"id": "126605"
},
{
"db": "PACKETSTORM",
"id": "126417"
}
],
"trust": 3.51
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/720951",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32745",
"trust": 0.4,
"type": "exploit"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#720951"
},
{
"db": "VULMON",
"id": "CVE-2014-0160"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0160",
"trust": 3.9
},
{
"db": "EXPLOIT-DB",
"id": "32745",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#720951",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "57721",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59243",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57836",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57968",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59347",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57966",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57483",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57347",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59139",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030079",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030074",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030081",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030080",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030026",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030077",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030082",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030078",
"trust": 1.1
},
{
"db": "BID",
"id": "66690",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "32764",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA14-098A",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-635659",
"trust": 1.1
},
{
"db": "BID",
"id": "64074",
"trust": 0.3
},
{
"db": "BID",
"id": "65604",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-135-02",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0160",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126954",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126361",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126417",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126644",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126086",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126784",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#720951"
},
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "BID",
"id": "64074"
},
{
"db": "BID",
"id": "65604"
},
{
"db": "PACKETSTORM",
"id": "126605"
},
{
"db": "PACKETSTORM",
"id": "126954"
},
{
"db": "PACKETSTORM",
"id": "126284"
},
{
"db": "PACKETSTORM",
"id": "126361"
},
{
"db": "PACKETSTORM",
"id": "126197"
},
{
"db": "PACKETSTORM",
"id": "126417"
},
{
"db": "PACKETSTORM",
"id": "126305"
},
{
"db": "PACKETSTORM",
"id": "126644"
},
{
"db": "PACKETSTORM",
"id": "126164"
},
{
"db": "PACKETSTORM",
"id": "126086"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "PACKETSTORM",
"id": "127085"
},
{
"db": "PACKETSTORM",
"id": "126784"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"id": "VAR-201404-0592",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6038711649999999
},
"last_update_date": "2026-04-10T23:34:59.841000Z",
"patch": {
"_id": null,
"data": [
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e4799ab8fe4804274ba2db4d65cd867b"
},
{
"title": "Debian Security Advisories: DSA-2896-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=264ec318be06a69e28012f62b2dc5bb7"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2165-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2014-0160 "
},
{
"title": "exploits",
"trust": 0.1,
"url": "https://github.com/vs4vijay/exploits "
},
{
"title": "VULNIX",
"trust": 0.1,
"url": "https://github.com/El-Palomo/VULNIX "
},
{
"title": "openssl-heartbleed-fix",
"trust": 0.1,
"url": "https://github.com/sammyfung/openssl-heartbleed-fix "
},
{
"title": "cve-2014-0160",
"trust": 0.1,
"url": "https://github.com/cved-sources/cve-2014-0160 "
},
{
"title": "heartbleed_check",
"trust": 0.1,
"url": "https://github.com/ehoffmann-cp/heartbleed_check "
},
{
"title": "heartbleed",
"trust": 0.1,
"url": "https://github.com/okrutnik420/heartbleed "
},
{
"title": "heartbleed-test.crx",
"trust": 0.1,
"url": "https://github.com/iwaffles/heartbleed-test.crx "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Maheshmaske111/te "
},
{
"title": "AradSocket",
"trust": 0.1,
"url": "https://github.com/araditc/AradSocket "
},
{
"title": "sslscan",
"trust": 0.1,
"url": "https://github.com/kaisenlinux/sslscan "
},
{
"title": "Springboard_Capstone_Project",
"trust": 0.1,
"url": "https://github.com/jonahwinninghoff/Springboard_Capstone_Project "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MrE-Fog/heartbleeder "
},
{
"title": "buffer_overflow_exploit",
"trust": 0.1,
"url": "https://github.com/olivamadrigal/buffer_overflow_exploit "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening "
},
{
"title": "insecure_project",
"trust": 0.1,
"url": "https://github.com/turtlesec-no/insecure_project "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Maheshmaske111/ssl "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/H4R335HR/heartbleed "
},
{
"title": "nmap-scripts",
"trust": 0.1,
"url": "https://github.com/takeshixx/nmap-scripts "
},
{
"title": "knockbleed",
"trust": 0.1,
"url": "https://github.com/siddolo/knockbleed "
},
{
"title": "heartbleed-masstest",
"trust": 0.1,
"url": "https://github.com/musalbas/heartbleed-masstest "
},
{
"title": "HeartBleedDotNet",
"trust": 0.1,
"url": "https://github.com/ShawInnes/HeartBleedDotNet "
},
{
"title": "heartbleed_test_openvpn",
"trust": 0.1,
"url": "https://github.com/weisslj/heartbleed_test_openvpn "
},
{
"title": "paraffin",
"trust": 0.1,
"url": "https://github.com/vmeurisse/paraffin "
},
{
"title": "sslscan",
"trust": 0.1,
"url": "https://github.com/rbsec/sslscan "
},
{
"title": "Heartbleed_Dockerfile_with_Nginx",
"trust": 0.1,
"url": "https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx "
},
{
"title": "heartbleed-bug",
"trust": 0.1,
"url": "https://github.com/cldme/heartbleed-bug "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/H4CK3RT3CH/awesome-web-hacking "
},
{
"title": "Web-Hacking",
"trust": 0.1,
"url": "https://github.com/adm0i/Web-Hacking "
},
{
"title": "cybersecurity-ethical-hacking",
"trust": 0.1,
"url": "https://github.com/paulveillard/cybersecurity-ethical-hacking "
},
{
"title": "Lastest-Web-Hacking-Tools-vol-I",
"trust": 0.1,
"url": "https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I "
},
{
"title": "HTBValentineWriteup",
"trust": 0.1,
"url": "https://github.com/zimmel15/HTBValentineWriteup "
},
{
"title": "heartbleed-poc",
"trust": 0.1,
"url": "https://github.com/sensepost/heartbleed-poc "
},
{
"title": "CVE-2014-0160",
"trust": 0.1,
"url": "https://github.com/0x90/CVE-2014-0160 "
},
{
"title": "Certified-Ethical-Hacker-Exam-CEH-v10",
"trust": 0.1,
"url": "https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10 "
},
{
"title": "cs558heartbleed",
"trust": 0.1,
"url": "https://github.com/gkaptch1/cs558heartbleed "
},
{
"title": "HeartBleed",
"trust": 0.1,
"url": "https://github.com/archaic-magnon/HeartBleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/undacmic/heartbleed-proof-of-concept "
},
{
"title": "openvpn-jookk",
"trust": 0.1,
"url": "https://github.com/Jeypi04/openvpn-jookk "
},
{
"title": "Heartbleed",
"trust": 0.1,
"url": "https://github.com/Saiprasad16/Heartbleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/KickFootCode/LoveYouALL "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/imesecan/LeakReducer-artifacts "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/TVernet/Kali-Tools-liste-et-description "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/k4u5h41/Heartbleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ronaldogdm/Heartbleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/rochacbruno/my-awesome-stars "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/asadhasan73/temp_comp_sec "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Aakaashzz/Heartbleed "
},
{
"title": "tls-channel",
"trust": 0.1,
"url": "https://github.com/marianobarrios/tls-channel "
},
{
"title": "fuzzx_cpp_demo",
"trust": 0.1,
"url": "https://github.com/guardstrikelab/fuzzx_cpp_demo "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Ppamo/recon_net_tools "
},
{
"title": "heatbleeding",
"trust": 0.1,
"url": "https://github.com/idkqh7/heatbleeding "
},
{
"title": "HeartBleed-Vulnerability-Checker",
"trust": 0.1,
"url": "https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker "
},
{
"title": "heartbleed",
"trust": 0.1,
"url": "https://github.com/iSCInc/heartbleed "
},
{
"title": "heartbleed-dtls",
"trust": 0.1,
"url": "https://github.com/hreese/heartbleed-dtls "
},
{
"title": "heartbleedchecker",
"trust": 0.1,
"url": "https://github.com/roganartu/heartbleedchecker "
},
{
"title": "nmap-heartbleed",
"trust": 0.1,
"url": "https://github.com/azet/nmap-heartbleed "
},
{
"title": "sslscan",
"trust": 0.1,
"url": "https://github.com/delishen/sslscan "
},
{
"title": "web-hacking",
"trust": 0.1,
"url": "https://github.com/hr-beast/web-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Miss-Brain/Web-Application-Security "
},
{
"title": "web-hacking",
"trust": 0.1,
"url": "https://github.com/Hemanthraju02/web-hacking "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/QWERTSKIHACK/awesome-web-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/himera25/web-hacking-list "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/dorota-fiit/bp-Heartbleed-defense-game "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Maheshmaske111/sslscan "
},
{
"title": "Heart-bleed",
"trust": 0.1,
"url": "https://github.com/anonymouse327311/Heart-bleed "
},
{
"title": "goScan",
"trust": 0.1,
"url": "https://github.com/stackviolator/goScan "
},
{
"title": "sec-tool-list",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-tool-list "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/utensil/awesome-stars-test "
},
{
"title": "insecure-cplusplus-dojo",
"trust": 0.1,
"url": "https://github.com/patricia-gallardo/insecure-cplusplus-dojo "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jubalh/awesome-package-maintainer "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Elnatty/tryhackme_labs "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hzuiw33/OpenSSL "
},
{
"title": "makeItBleed",
"trust": 0.1,
"url": "https://github.com/mcampa/makeItBleed "
},
{
"title": "CVE-2014-0160-Chrome-Plugin",
"trust": 0.1,
"url": "https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin "
},
{
"title": "heartbleedfixer.com",
"trust": 0.1,
"url": "https://github.com/reenhanced/heartbleedfixer.com "
},
{
"title": "CVE-2014-0160-Scanner",
"trust": 0.1,
"url": "https://github.com/obayesshelton/CVE-2014-0160-Scanner "
},
{
"title": "openmagic",
"trust": 0.1,
"url": "https://github.com/isgroup-srl/openmagic "
},
{
"title": "heartbleeder",
"trust": 0.1,
"url": "https://github.com/titanous/heartbleeder "
},
{
"title": "cardiac-arrest",
"trust": 0.1,
"url": "https://github.com/ah8r/cardiac-arrest "
},
{
"title": "heartbleed_openvpn_poc",
"trust": 0.1,
"url": "https://github.com/tam7t/heartbleed_openvpn_poc "
},
{
"title": "docker-wheezy-with-heartbleed",
"trust": 0.1,
"url": "https://github.com/simonswine/docker-wheezy-with-heartbleed "
},
{
"title": "docker-testssl",
"trust": 0.1,
"url": "https://github.com/mbentley/docker-testssl "
},
{
"title": "heartbleedscanner",
"trust": 0.1,
"url": "https://github.com/hybridus/heartbleedscanner "
},
{
"title": "HeartLeak",
"trust": 0.1,
"url": "https://github.com/OffensivePython/HeartLeak "
},
{
"title": "HBL",
"trust": 0.1,
"url": "https://github.com/ssc-oscar/HBL "
},
{
"title": "awesome-stars",
"trust": 0.1,
"url": "https://github.com/utensil/awesome-stars "
},
{
"title": "SecurityTesting_web-hacking",
"trust": 0.1,
"url": "https://github.com/mostakimur/SecurityTesting_web-hacking "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/winterwolf32/awesome-web-hacking "
},
{
"title": "awesome-web-hacking-1",
"trust": 0.1,
"url": "https://github.com/winterwolf32/awesome-web-hacking-1 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mehedi-Babu/ethical_hacking_cyber "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/thanshurc/awesome-web-hacking "
},
{
"title": "hack",
"trust": 0.1,
"url": "https://github.com/nvnpsplt/hack "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/noname1007/awesome-web-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ImranTheThirdEye/awesome-web-hacking "
},
{
"title": "web-hacking",
"trust": 0.1,
"url": "https://github.com/Ondrik8/web-hacking "
},
{
"title": "CheckSSL-ciphersuite",
"trust": 0.1,
"url": "https://github.com/kal1gh0st/CheckSSL-ciphersuite "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/undacmic/HeartBleed-Demo "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MrE-Fog/ssl-heartbleed.nse "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0376.html"
},
{
"trust": 1.9,
"url": "http://heartbleed.com/"
},
{
"trust": 1.9,
"url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
},
{
"trust": 1.9,
"url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
},
{
"trust": 1.9,
"url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
},
{
"trust": 1.9,
"url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
},
{
"trust": 1.9,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
},
{
"trust": 1.9,
"url": "http://www.debian.org/security/2014/dsa-2896"
},
{
"trust": 1.9,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
},
{
"trust": 1.7,
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"trust": 1.7,
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2165-1"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
},
{
"trust": 1.1,
"url": "http://www.openssl.org/news/secadv_20140407.txt"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030078"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/109"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/190"
},
{
"trust": 1.1,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030082"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57347"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030077"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030080"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030074"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/90"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030081"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/91"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57483"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaamb3"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030079"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57721"
},
{
"trust": 1.1,
"url": "http://www.blackberry.com/btsc/kb35882"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030026"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/66690"
},
{
"trust": 1.1,
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/ncas/alerts/ta14-098a"
},
{
"trust": 1.1,
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57966"
},
{
"trust": 1.1,
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/173"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57968"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/32745"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/720951"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/32764"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57836"
},
{
"trust": 1.1,
"url": "https://gist.github.com/chapmajs/10473815"
},
{
"trust": 1.1,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
},
{
"trust": 1.1,
"url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
},
{
"trust": 1.1,
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"trust": 1.1,
"url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
},
{
"trust": 1.1,
"url": "http://advisories.mageia.org/mgasa-2014-0165.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"trust": 1.1,
"url": "https://filezilla-project.org/versions.php?type=server"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661"
},
{
"trust": 1.1,
"url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
},
{
"trust": 1.1,
"url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59347"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59243"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59139"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
},
{
"trust": 1.1,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx140605"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"trust": 1.1,
"url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
},
{
"trust": 1.1,
"url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
},
{
"trust": 1.1,
"url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 1.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q2/22"
},
{
"trust": 0.8,
"url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc6520"
},
{
"trust": 0.8,
"url": "http://www.openssl.org/news/openssl-1.0.1-notes.html"
},
{
"trust": 0.8,
"url": "http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts-"
},
{
"trust": 0.8,
"url": "http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html"
},
{
"trust": 0.8,
"url": "http://xkcd.com/1354/"
},
{
"trust": 0.8,
"url": "http://www.exploit-db.com/exploits/32745/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2014-0160 "
},
{
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-2165-1/"
},
{
"trust": 0.8,
"url": "http://www.freshports.org/security/openssl/"
},
{
"trust": 0.8,
"url": "http://kb.bluecoat.com/index?page=content\u0026id=sa79"
},
{
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid="
},
{
"trust": 0.8,
"url": "http://learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf"
},
{
"trust": 0.8,
"url": "http://www.fortiguard.com/advisory/fg-ir-14-011/"
},
{
"trust": 0.8,
"url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc"
},
{
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml"
},
{
"trust": 0.8,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239375"
},
{
"trust": 0.8,
"url": "http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html"
},
{
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21669774"
},
{
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00037\u0026languageid=en-fr"
},
{
"trust": 0.8,
"url": "https://kb.juniper.net/jsa10623"
},
{
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071"
},
{
"trust": 0.8,
"url": "http://mail-index.netbsd.org/security-announce/2014/04/08/msg000085.html"
},
{
"trust": 0.8,
"url": "http://ftp.openbsd.org/pub/openbsd/patches/5.3/common/014_openssl.patch"
},
{
"trust": 0.8,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.533622"
},
{
"trust": 0.8,
"url": "http://kb.vmware.com/kb/2076225"
},
{
"trust": 0.8,
"url": "https://support.windriver.com/"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx"
},
{
"trust": 0.8,
"url": "https://forum.peplink.com/threads/3062-special-notice-on-openssl-heartbleed-vulnerability"
},
{
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk100173"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/av14-001.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html"
},
{
"trust": 0.3,
"url": "rubygems.org/gems/actionpack"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2013-6414"
},
{
"trust": 0.3,
"url": "http://rubygems.org/"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0008.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2013-1794.html"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2014-0082"
},
{
"trust": 0.3,
"url": "http://weblog.rubyonrails.org/2014/2/18/rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/"
},
{
"trust": 0.3,
"url": "http://rubyonrails.org/"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0306.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0215.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4353"
},
{
"trust": 0.2,
"url": "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52"
},
{
"trust": 0.2,
"url": "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37"
},
{
"trust": 0.2,
"url": "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37"
},
{
"trust": 0.2,
"url": "http://support.openview.hp.com/downloads.jsp"
},
{
"trust": 0.2,
"url": "http://www8.h"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2019/jan/42"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-2896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-135-02"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2165-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
},
{
"trust": 0.1,
"url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/insightupdates"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0160.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4353.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0416.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4929.html"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-41199f68c1144acb84a5798bf0"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-2e19c856f0e84e20a14c63ecd0"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lrvug_00092"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00051"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/pc_00299"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lranlsys_00074"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03305"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03329"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/pc_00296"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03307"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00052"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03315"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03306"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lranlsys_00075"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03328"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03332"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lrvug_00094"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03316"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03304"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03333"
},
{
"trust": 0.1,
"url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
},
{
"trust": 0.1,
"url": "http://eprint.iacr.org/2014/140"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/eslg3"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-9c71e9ff82af4d1fbdea666d97"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-ade2403c9999459aa758e16d46"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-16533b4917c84c8c81b703f354"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-06eee9db0f4a40d98d8cb32421"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/p"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#720951"
},
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "BID",
"id": "64074"
},
{
"db": "BID",
"id": "65604"
},
{
"db": "PACKETSTORM",
"id": "126605"
},
{
"db": "PACKETSTORM",
"id": "126954"
},
{
"db": "PACKETSTORM",
"id": "126284"
},
{
"db": "PACKETSTORM",
"id": "126361"
},
{
"db": "PACKETSTORM",
"id": "126197"
},
{
"db": "PACKETSTORM",
"id": "126417"
},
{
"db": "PACKETSTORM",
"id": "126305"
},
{
"db": "PACKETSTORM",
"id": "126644"
},
{
"db": "PACKETSTORM",
"id": "126164"
},
{
"db": "PACKETSTORM",
"id": "126086"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "PACKETSTORM",
"id": "127085"
},
{
"db": "PACKETSTORM",
"id": "126784"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#720951",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2014-0160",
"ident": null
},
{
"db": "BID",
"id": "64074",
"ident": null
},
{
"db": "BID",
"id": "65604",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126605",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126954",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126284",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126361",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126197",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126417",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126305",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126644",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126164",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126086",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126045",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127279",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127085",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126784",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0160",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-04-08T00:00:00",
"db": "CERT/CC",
"id": "VU#720951",
"ident": null
},
{
"date": "2014-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0160",
"ident": null
},
{
"date": "2013-12-02T00:00:00",
"db": "BID",
"id": "64074",
"ident": null
},
{
"date": "2014-02-18T00:00:00",
"db": "BID",
"id": "65604",
"ident": null
},
{
"date": "2014-05-13T18:24:00",
"db": "PACKETSTORM",
"id": "126605",
"ident": null
},
{
"date": "2014-06-05T21:02:31",
"db": "PACKETSTORM",
"id": "126954",
"ident": null
},
{
"date": "2014-04-23T21:25:00",
"db": "PACKETSTORM",
"id": "126284",
"ident": null
},
{
"date": "2014-04-28T20:36:00",
"db": "PACKETSTORM",
"id": "126361",
"ident": null
},
{
"date": "2014-04-17T22:02:09",
"db": "PACKETSTORM",
"id": "126197",
"ident": null
},
{
"date": "2014-05-01T02:16:33",
"db": "PACKETSTORM",
"id": "126417",
"ident": null
},
{
"date": "2014-04-24T22:21:23",
"db": "PACKETSTORM",
"id": "126305",
"ident": null
},
{
"date": "2014-05-16T04:40:57",
"db": "PACKETSTORM",
"id": "126644",
"ident": null
},
{
"date": "2014-04-15T23:01:44",
"db": "PACKETSTORM",
"id": "126164",
"ident": null
},
{
"date": "2014-04-09T22:48:55",
"db": "PACKETSTORM",
"id": "126086",
"ident": null
},
{
"date": "2014-04-07T22:44:13",
"db": "PACKETSTORM",
"id": "126045",
"ident": null
},
{
"date": "2014-06-30T23:47:20",
"db": "PACKETSTORM",
"id": "127279",
"ident": null
},
{
"date": "2014-06-13T13:31:03",
"db": "PACKETSTORM",
"id": "127085",
"ident": null
},
{
"date": "2014-05-23T13:13:00",
"db": "PACKETSTORM",
"id": "126784",
"ident": null
},
{
"date": "2014-04-07T22:55:03.893000",
"db": "NVD",
"id": "CVE-2014-0160",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#720951",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0160",
"ident": null
},
{
"date": "2015-04-13T21:20:00",
"db": "BID",
"id": "64074",
"ident": null
},
{
"date": "2015-04-13T21:44:00",
"db": "BID",
"id": "65604",
"ident": null
},
{
"date": "2025-10-22T01:15:53.233000",
"db": "NVD",
"id": "CVE-2014-0160",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "64074"
},
{
"db": "BID",
"id": "65604"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "OpenSSL TLS heartbeat extension read overflow discloses sensitive information",
"sources": [
{
"db": "CERT/CC",
"id": "VU#720951"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "64074"
}
],
"trust": 0.3
}
}
VAR-201908-0260
Vulnerability from variot - Updated: 2026-04-10 23:34Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd24-httpd and httpd24-nghttp2 security update Advisory ID: RHSA-2019:2949-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2949 Issue date: 2019-10-01 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517 ==================================================================== 1. Summary:
An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7 P6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S GjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2 Cm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI dbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip P+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh m2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM TWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV 2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2 XUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2 uqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl I52/ZH/L3O8=N7om -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4113-2 September 17, 2019
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4113-1 introduced a regression in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)
Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081)
Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)
Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)
Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097)
Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)
Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: apache2 2.4.38-2ubuntu2.3 apache2-bin 2.4.38-2ubuntu2.3
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.11 apache2-bin 2.4.29-1ubuntu4.11
Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.13 apache2-bin 2.4.18-2ubuntu3.13
In general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):
JBCS-826 - Rebase nghttp2 to 1.39.2
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
CVE-2019-9517
Jonathan Looney reported that a malicious client could perform a
denial of service attack (exhausting h2 workers) by flooding a
connection with requests and basically never reading responses on
the TCP connection.
CVE-2019-10092
Matei "Mal" Badanoiu reported a limited cross-site scripting
vulnerability in the mod_proxy error page. This vulnerability could only be
triggered by a trusted proxy and not by untrusted HTTP clients. The
issue does not affect the stretch release.
CVE-2019-10098
Yukitsugu Sasaki reported a potential open redirect vulnerability in
the mod_rewrite module.
For the oldstable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u8.
For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1kODxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RAEw/+OaEyxK9D+s1uIin5SkmJJ4buicbeEwh6Qwn03SCj5RYW+PbGaW67dSZN qcTGyJqU2YrY3y75q0S5V6GBvcg1+QRCbTAlZhUwALGmMpnfkPhn3q6uUXY8511i tZhKZYQa5ZVnpcDH2IF1EP+ilwK4q2uzMh1Wpz79PWLitWhk5dNMtjcjJ+KXP15C oOs3aeHheAkLGKE8drgLpYRSgx3ccD9i7lts6gr/uAJOW7pvQoY+SDOZvceU6/0A GIjOO56hw1tW6qkbDiG/sCYncVv6ZKTVsjhBJabw55kaIrReSnEMiWjqkV4BhCBF JjsewEBYZMV7DC+gkHKRoHHrSrI6gLYAFuTREXAjnf6fsPoVgX8hYkZ0QqH7F5zX dgSV7wpjjFzDb/iPkkncKJS1h11GlrM/6VhT1cr/6ZlHvqSAWlz0OUseRA9ii6Le jVxFTb7EAGsrEzK9SPhA/IbvIBj1UPQhjEgIthfImw4S+M5q40Oh0oKW+/FgzMqH LarHY+jQcOuGxE7T6EK4gozGxpLvpRhg8NcCzL/Vnst5JW7vr/F4R3H1NFk579tS RcXuBUy8+DkKecawPgP05zPxrhuAFIi89TkEMX3LyyA/Kn0KX+2KXabQll9Q2KYz Cn5eimlukcxKmWUxA3cJggcDj/80YgxE6wmFqHPtI/8Sx4XN0pY=v6GC -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64
3
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.20"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.40"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.7
},
"cve": "CVE-2019-9517",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9517",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160952",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-943",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160952",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd24-httpd and httpd24-nghttp2 security update\nAdvisory ID: RHSA-2019:2949-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2949\nIssue date: 2019-10-01\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517\n====================================================================\n1. Summary:\n\nAn update for httpd24-httpd and httpd24-nghttp2 is now available for Red\nHat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7\nP6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S\nGjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2\nCm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI\ndbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip\nP+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh\nm2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM\nTWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV\n2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2\nXUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2\nuqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl\nI52/ZH/L3O8=N7om\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4113-2\nSeptember 17, 2019\n\napache2 regression\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4113-1 introduced a regression in Apache. \nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update\nfixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Stefan Eissing discovered that the HTTP/2 implementation in Apache\n did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\n some situations. A remote attacker could use this to cause a denial\n of service (daemon crash). This issue only affected Ubuntu 18.04 LTS\n and Ubuntu 19.04. (CVE-2019-0197)\n\n Craig Young discovered that a memory overwrite error existed in\n Apache when performing HTTP/2 very early pushes in some situations. A\n remote attacker could use this to cause a denial of service (daemon\n crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n (CVE-2019-10081)\n\n Craig Young discovered that a read-after-free error existed in the\n HTTP/2 implementation in Apache during connection shutdown. A remote\n attacker could use this to possibly cause a denial of service (daemon\n crash) or possibly expose sensitive information. This issue only\n affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\n Matei Badanoiu discovered that the mod_proxy component of\n Apache did not properly filter URLs when reporting errors in some\n configurations. A remote attacker could possibly use this issue to\n conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\n Daniel McCarney discovered that mod_remoteip component of Apache\n contained a stack buffer overflow when parsing headers from a trusted\n intermediary proxy in some situations. A remote attacker controlling a\n trusted proxy could use this to cause a denial of service or possibly\n execute arbitrary code. This issue only affected Ubuntu 19.04. \n (CVE-2019-10097)\n\n Yukitsugu Sasaki discovered that the mod_rewrite component in Apache\n was vulnerable to open redirects in some situations. A remote attacker\n could use this to possibly expose sensitive information or bypass\n intended restrictions. (CVE-2019-10098)\n\n Jonathan Looney discovered that the HTTP/2 implementation in Apache did\n not properly limit the amount of buffering for client connections in\n some situations. A remote attacker could use this to cause a denial\n of service (unresponsive daemon). This issue only affected Ubuntu\n 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n apache2 2.4.38-2ubuntu2.3\n apache2-bin 2.4.38-2ubuntu2.3\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.11\n apache2-bin 2.4.29-1ubuntu4.11\n\nUbuntu 16.04 LTS:\n apache2 2.4.18-2ubuntu3.13\n apache2-bin 2.4.18-2ubuntu3.13\n\nIn general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-826 - Rebase nghttp2 to 1.39.2\n\n7. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nCVE-2019-9517\n\n Jonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection. \n\nCVE-2019-10092\n\n Matei \"Mal\" Badanoiu reported a limited cross-site scripting\n vulnerability in the mod_proxy error page. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release. \n\nCVE-2019-10098\n\n Yukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod_rewrite module. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1kODxfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RAEw/+OaEyxK9D+s1uIin5SkmJJ4buicbeEwh6Qwn03SCj5RYW+PbGaW67dSZN\nqcTGyJqU2YrY3y75q0S5V6GBvcg1+QRCbTAlZhUwALGmMpnfkPhn3q6uUXY8511i\ntZhKZYQa5ZVnpcDH2IF1EP+ilwK4q2uzMh1Wpz79PWLitWhk5dNMtjcjJ+KXP15C\noOs3aeHheAkLGKE8drgLpYRSgx3ccD9i7lts6gr/uAJOW7pvQoY+SDOZvceU6/0A\nGIjOO56hw1tW6qkbDiG/sCYncVv6ZKTVsjhBJabw55kaIrReSnEMiWjqkV4BhCBF\nJjsewEBYZMV7DC+gkHKRoHHrSrI6gLYAFuTREXAjnf6fsPoVgX8hYkZ0QqH7F5zX\ndgSV7wpjjFzDb/iPkkncKJS1h11GlrM/6VhT1cr/6ZlHvqSAWlz0OUseRA9ii6Le\njVxFTb7EAGsrEzK9SPhA/IbvIBj1UPQhjEgIthfImw4S+M5q40Oh0oKW+/FgzMqH\nLarHY+jQcOuGxE7T6EK4gozGxpLvpRhg8NcCzL/Vnst5JW7vr/F4R3H1NFk579tS\nRcXuBUy8+DkKecawPgP05zPxrhuAFIi89TkEMX3LyyA/Kn0KX+2KXabQll9Q2KYz\nCn5eimlukcxKmWUxA3cJggcDj/80YgxE6wmFqHPtI/8Sx4XN0pY=v6GC\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9517"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154506"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154227"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9517",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/08/15/7",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "154227",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4295",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3243",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3133",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154590",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154506",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154697",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154506"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154227"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"id": "VAR-201908-0260",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160952"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:34:01.956000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96626"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4509"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2946"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/47"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0003/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201909-04"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/08/15/7"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2893"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2950"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3cannounce.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev."
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce."
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/be1e153d17bb9e32d43a38f176d93bf8a9f7568f5c8f3f5e5ebf76cd@%3cannounce."
},
{
"trust": 0.6,
"url": "httpd-six-vulnerabilities-30057"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3243/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4295/"
},
{
"trust": 0.6,
"url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154227/debian-security-advisory-4509-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3301/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3133/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10082"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10081"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10097"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10098"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10092"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4113-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1842701"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.11"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4113-1"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154506"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154227"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160952",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154506",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154697",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156852",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154227",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9517",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160952",
"ident": null
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"date": "2019-10-01T20:46:00",
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"date": "2019-09-17T16:48:23",
"db": "PACKETSTORM",
"id": "154506",
"ident": null
},
{
"date": "2019-10-01T20:45:33",
"db": "PACKETSTORM",
"id": "154697",
"ident": null
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"date": "2020-03-23T15:57:42",
"db": "PACKETSTORM",
"id": "156852",
"ident": null
},
{
"date": "2019-08-27T13:29:10",
"db": "PACKETSTORM",
"id": "154227",
"ident": null
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-943",
"ident": null
},
{
"date": "2019-08-13T21:15:12.647000",
"db": "NVD",
"id": "CVE-2019-9517",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2023-01-19T00:00:00",
"db": "VULHUB",
"id": "VHN-160952",
"ident": null
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-943",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9517",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
}
],
"trust": 0.6
}
}
VAR-201908-0421
Vulnerability from variot - Updated: 2026-04-10 22:52Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an authenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper window manipulation in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by manipulating window sizes on affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.
For the stable distribution (buster), these problems have been fixed in version 10.19.0~dfsg1-1.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8 TjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1 EFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj TFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm 2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr yYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI 6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt ja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0 eQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j oRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy kyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb xKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak= =I2bH -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1 release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
MAISTRA-977 - Rebuild RPMs for 1.0.1 release
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). Summary:
Updated Quay packages that fix several bugs and add various enhancements are now available.
Bug Fix(es):
- Fixed repository mirror credentials properly escaped to allow special characters
- Fixed repository mirror UI cancel button enabled
-
Fixed repository mirror UI change next sync date
-
Solution:
Please download the release images via:
quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1
- Description:
Red Hat JBoss Enterprise Application Platform CD18 is a platform for Java applications based on the WildFly application runtime.
You must restart the JBoss server process for the update to take effect. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx112-nginx security update Advisory ID: RHSA-2019:2746-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx112-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx112-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9 PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2 PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS 7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/ issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO 7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL pTuQ2UprbLU=PAtT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
}
],
"trust": 0.7
},
"cve": "CVE-2019-9511",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9511",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160946",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160946",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9511",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "VULMON",
"id": "CVE-2019-9511"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an authenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper window manipulation in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by manipulating window sizes on affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 10.19.0~dfsg1-1. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8\nTjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1\nEFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj\nTFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm\n2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr\nyYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI\n6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt\nja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0\neQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j\noRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy\nkyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb\nxKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak=\n=I2bH\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1\nrelease. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nMAISTRA-977 - Rebuild RPMs for 1.0.1 release\n\n7. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Summary:\n\nUpdated Quay packages that fix several bugs and add various enhancements\nare now available. \n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special\ncharacters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date\n\n3. Solution:\n\nPlease download the release images via:\n\nquay.io/redhat/quay:v3.1.1\nquay.io/redhat/clair-jwt:v3.1.1\nquay.io/redhat/quay-builder:v3.1.1\n\n4. Description:\n\nRed Hat JBoss Enterprise Application Platform CD18 is a platform for Java\napplications based on the WildFly application runtime. \n\nYou must restart the JBoss server process for the update to take effect. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx112-nginx security update\nAdvisory ID: RHSA-2019:2746-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2746\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx112-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx112-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9\nPPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS\nieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d\nkbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco\nrGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2\nPO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv\noEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS\n7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/\nissNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO\n7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt\nfXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL\npTuQ2UprbLU=PAtT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "VULMON",
"id": "CVE-2019-9511"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9511",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 1.9
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154471",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154848",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154693",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154117",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154190",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160946",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9511",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168812",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "VULMON",
"id": "CVE-2019-9511"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"id": "VAR-201908-0421",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:52:23.899000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Important: nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192692 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193041 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192949 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194021 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Red Hat: CVE-2019-9511",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9511"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194018 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194020 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194019 - Security Advisory"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9511"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1298"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202565 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-17"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1298"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1342",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1342"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201445 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200922 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00c2\u00ae SDK for Node.js\u00e2\u201e\u00a2 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9511"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 1.9,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.1,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6754-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/service_mesh/servicemesh-"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160946",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9511",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154848",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157214",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154471",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9511",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160946",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9511",
"ident": null
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"date": "2024-04-26T15:13:40",
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"date": "2019-10-15T00:10:40",
"db": "PACKETSTORM",
"id": "154848",
"ident": null
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"date": "2020-04-14T15:39:41",
"db": "PACKETSTORM",
"id": "157214",
"ident": null
},
{
"date": "2019-10-03T20:31:49",
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"date": "2020-06-16T00:54:44",
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"date": "2019-09-12T14:32:51",
"db": "PACKETSTORM",
"id": "154471",
"ident": null
},
{
"date": "2019-08-13T21:15:12.223000",
"db": "NVD",
"id": "CVE-2019-9511",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160946",
"ident": null
},
{
"date": "2022-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9511",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9511",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "178284"
}
],
"trust": 0.1
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "157214"
}
],
"trust": 0.1
}
}
VAR-201908-0264
Vulnerability from variot - Updated: 2026-04-10 22:48Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387). Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: go-toolset:rhel8 security and bug fix update Advisory ID: RHSA-2019:2726-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2726 Issue date: 2019-09-10 CVE Names: CVE-2019-9512 CVE-2019-9514 ==================================================================== 1. Summary:
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Failure trying to conntect to image registry using TLS when buildah is compiled with FIPS mode (BZ#1743169)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1743169 - Failure trying to conntect to image registry using TLS when buildah is compiled with FIPS mode [8.0.0.z]
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: go-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.src.rpm golang-1.11.13-2.module+el8.0.1+4087+d8180914.src.rpm
aarch64: go-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.aarch64.rpm golang-1.11.13-2.module+el8.0.1+4087+d8180914.aarch64.rpm golang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.aarch64.rpm
noarch: golang-docs-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm golang-misc-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm golang-src-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm golang-tests-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm
ppc64le: go-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.ppc64le.rpm golang-1.11.13-2.module+el8.0.1+4087+d8180914.ppc64le.rpm golang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.ppc64le.rpm
s390x: go-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.s390x.rpm golang-1.11.13-2.module+el8.0.1+4087+d8180914.s390x.rpm golang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.s390x.rpm
x86_64: go-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.x86_64.rpm golang-1.11.13-2.module+el8.0.1+4087+d8180914.x86_64.rpm golang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.x86_64.rpm golang-race-1.11.13-2.module+el8.0.1+4087+d8180914.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXeqD9zjgjWX9erEAQjHCw//fBf/BN7Wxsf+MDtBBRRBzgPGKstVU/e3 GUq9YUtdkUcHdKU/O5mEc9ai16t10nJ58WyClbzcAHgoUaI/9ZqC+g5GS/Y+P7Tm kVSq+qMLQ2/4u3aZtHg+ugjf5nJ6nkCpLgWyZ3wAYP5F3z5GWvCulWo/VM/23806 wtFf3NfHtkpHi9jkm3cxzjx3AVBb/ao/nAjKl1FYwEWoPHB14Q39Y0YzggSqQg6u mHmB+LoHj+jxYQfUm+EmZQ0VIXwMGbmvlpzREMz0Lk9+qoXVsdaTfHNitikVswWO HSbddPTtw9yXDsZPBUtvR7e6tPgQYlf/2LJyT+SpFjmU9LlFhwBVgusk0FCZ7dOU Vqzl9jZqUQPKPzILzyU63eT/P0sC9Uf9w1LCiyForkbXu0dep3e3ShcwC011svXx n38MLdL2nLHn1gPq0F2albE7LqsLqzJgTzBvx3A+zwuxFb4A+COD5jqFP3tr7RIt IgdbXoObXf7rSDnTb9mRLoSEF+otKWt0NRNSKJxQ2ec/dDd/L3ACJPv8uJVdUaNP Rq7hjyll9/KzFU7KHJlSJmGYjbkvx1FtW45FL5ZyuScPgEpDQw3RqXp59Nv83kpJ xMWQXp/R2QccrG9NwfkOMGYULGsfKGmMYt7N+XkODCXP4gpEMz0+fmyBF/NioKbY p88aZTP38Io=6X8m -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. These packages have been rebuilt with an updated version of Go to address the below security issues. Solution:
For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.21, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0
SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:
SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion Description: This issue was addressed with improved buffer size management. CVE-2019-9512: Jonathan Looney of Netflix CVE-2019-9514: Jonathan Looney of Netflix CVE-2019-9515: Jonathan Looney of Netflix CVE-2019-9516: Jonathan Looney of Netflix
SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns Description: This issue was addressed with improved input validation. CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team
Installation note:
SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0.
For the stable distribution (buster), these problems have been fixed in version 1.11.6-1+deb10u1.
We recommend that you upgrade your golang-1.11 packages
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "14"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.10"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "developer tools",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.1"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.9"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "trident",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.11"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "cloud insights",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3.2"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.1.1"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9514"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154425"
},
{
"db": "PACKETSTORM",
"id": "155037"
},
{
"db": "PACKETSTORM",
"id": "154964"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156941"
}
],
"trust": 0.8
},
"cve": "CVE-2019-9514",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9514",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160949",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9514",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9514",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-931",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160949",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9514",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160949"
},
{
"db": "VULMON",
"id": "CVE-2019-9514"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-931"
},
{
"db": "NVD",
"id": "CVE-2019-9514"
},
{
"db": "NVD",
"id": "CVE-2019-9514"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain\nURIs or HTTP methods. A remote attacker could use this issue to inject\ninvalid characters and possibly perform header injection attacks. \n(CVE-2019-12387). Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: go-toolset:rhel8 security and bug fix update\nAdvisory ID: RHSA-2019:2726-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2726\nIssue date: 2019-09-10\nCVE Names: CVE-2019-9512 CVE-2019-9514\n====================================================================\n1. Summary:\n\nAn update for the go-toolset:rhel8 module is now available for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nGo Toolset provides the Go programming language tools and libraries. Go is\nalternatively known as golang. \n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Failure trying to conntect to image registry using TLS when buildah is\ncompiled with FIPS mode (BZ#1743169)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1743169 - Failure trying to conntect to image registry using TLS when buildah is compiled with FIPS mode [8.0.0.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\ngo-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.src.rpm\ngolang-1.11.13-2.module+el8.0.1+4087+d8180914.src.rpm\n\naarch64:\ngo-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.aarch64.rpm\ngolang-1.11.13-2.module+el8.0.1+4087+d8180914.aarch64.rpm\ngolang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.aarch64.rpm\n\nnoarch:\ngolang-docs-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm\ngolang-misc-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm\ngolang-src-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm\ngolang-tests-1.11.13-2.module+el8.0.1+4087+d8180914.noarch.rpm\n\nppc64le:\ngo-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.ppc64le.rpm\ngolang-1.11.13-2.module+el8.0.1+4087+d8180914.ppc64le.rpm\ngolang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.ppc64le.rpm\n\ns390x:\ngo-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.s390x.rpm\ngolang-1.11.13-2.module+el8.0.1+4087+d8180914.s390x.rpm\ngolang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.s390x.rpm\n\nx86_64:\ngo-toolset-1.11.13-1.module+el8.0.1+4087+d8180914.x86_64.rpm\ngolang-1.11.13-2.module+el8.0.1+4087+d8180914.x86_64.rpm\ngolang-bin-1.11.13-2.module+el8.0.1+4087+d8180914.x86_64.rpm\ngolang-race-1.11.13-2.module+el8.0.1+4087+d8180914.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXeqD9zjgjWX9erEAQjHCw//fBf/BN7Wxsf+MDtBBRRBzgPGKstVU/e3\nGUq9YUtdkUcHdKU/O5mEc9ai16t10nJ58WyClbzcAHgoUaI/9ZqC+g5GS/Y+P7Tm\nkVSq+qMLQ2/4u3aZtHg+ugjf5nJ6nkCpLgWyZ3wAYP5F3z5GWvCulWo/VM/23806\nwtFf3NfHtkpHi9jkm3cxzjx3AVBb/ao/nAjKl1FYwEWoPHB14Q39Y0YzggSqQg6u\nmHmB+LoHj+jxYQfUm+EmZQ0VIXwMGbmvlpzREMz0Lk9+qoXVsdaTfHNitikVswWO\nHSbddPTtw9yXDsZPBUtvR7e6tPgQYlf/2LJyT+SpFjmU9LlFhwBVgusk0FCZ7dOU\nVqzl9jZqUQPKPzILzyU63eT/P0sC9Uf9w1LCiyForkbXu0dep3e3ShcwC011svXx\nn38MLdL2nLHn1gPq0F2albE7LqsLqzJgTzBvx3A+zwuxFb4A+COD5jqFP3tr7RIt\nIgdbXoObXf7rSDnTb9mRLoSEF+otKWt0NRNSKJxQ2ec/dDd/L3ACJPv8uJVdUaNP\nRq7hjyll9/KzFU7KHJlSJmGYjbkvx1FtW45FL5ZyuScPgEpDQw3RqXp59Nv83kpJ\nxMWQXp/R2QccrG9NwfkOMGYULGsfKGmMYt7N+XkODCXP4gpEMz0+fmyBF/NioKbY\np88aZTP38Io=6X8m\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. These packages have been\nrebuilt with an updated version of Go to address the below security issues. Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.21, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\n5. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0\n\nSwiftNIO HTTP/2 1.5.0 is now available and addresses the following:\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume unbounded amounts of memory when\nreceiving certain traffic patterns and eventually suffer resource\nexhaustion\nDescription: This issue was addressed with improved buffer size\nmanagement. \nCVE-2019-9512: Jonathan Looney of Netflix\nCVE-2019-9514: Jonathan Looney of Netflix\nCVE-2019-9515: Jonathan Looney of Netflix\nCVE-2019-9516: Jonathan Looney of Netflix\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume excessive CPU resources when\nreceiving certain traffic patterns\nDescription: This issue was addressed with improved input validation. \nCVE-2019-9518: Piotr Sikora of Google, Envoy Security Team\n\nInstallation note:\n\nSwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222 and\nhttps://github.com/apple/swift-nio-http2/releases/tag/1.5.0. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.11.6-1+deb10u1. \n\nWe recommend that you upgrade your golang-1.11 packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9514"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160949"
},
{
"db": "VULMON",
"id": "CVE-2019-9514"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154425"
},
{
"db": "PACKETSTORM",
"id": "155037"
},
{
"db": "PACKETSTORM",
"id": "154964"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "154058"
},
{
"db": "PACKETSTORM",
"id": "154135"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9514",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.6
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/08/20/1",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/8",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-931",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "154135",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155484",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155705",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156209",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156628",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155520",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155396",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4533",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3152",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0994",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3114",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4697",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4484",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43921",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160949",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9514",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154425",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154964",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154058",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160949"
},
{
"db": "VULMON",
"id": "CVE-2019-9514"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154425"
},
{
"db": "PACKETSTORM",
"id": "155037"
},
{
"db": "PACKETSTORM",
"id": "154964"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "154058"
},
{
"db": "PACKETSTORM",
"id": "154135"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-931"
},
{
"db": "NVD",
"id": "CVE-2019-9514"
}
]
},
"id": "VAR-201908-0264",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160949"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:48:24.962000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96615"
},
{
"title": "Red Hat: Important: container-tools:1.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194273 - Security Advisory"
},
{
"title": "Red Hat: Important: go-toolset-1.11 and go-toolset-1.11-golang security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192682 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.11 HTTP/2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193906 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Container Platform 4.1 openshift RPM security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192661 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193245 - Security Advisory"
},
{
"title": "Red Hat: Important: go-toolset:rhel8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192726 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193265 - Security Advisory"
},
{
"title": "Red Hat: Important: containernetworking-plugins security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200406 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.20 golang security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193131 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192769 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: golang-1.13: CVE-2019-14809",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4f1284fb5317a7db524840483ee9db6f"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192690 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.18 gRPC security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192861 - Security Advisory"
},
{
"title": "Red Hat: Important: container-tools:rhel8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194269 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-9514",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9514"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Enterprise 4.1.15 gRPC security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192766 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194045 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194021 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.14 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192594 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194018 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7cb587dafb04d397dd392a7f09dec1d9"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84ba5eefbc1d57b08d1c61852a12e026"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1270",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1270"
},
{
"title": "Debian Security Advisories: DSA-4503-1 golang-1.11 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=99481074beb7ec3119ad722cad3dd9cc"
},
{
"title": "Debian Security Advisories: DSA-4508-1 h2o -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=728a827d177258876055a9107f821dfe"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194041 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9514"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194042 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194040 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194019 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194020 - Security Advisory"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4520-1 trafficserver -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3b21ecf9ab12cf6e0b56a2ef2ccf56b8"
},
{
"title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194352 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202565 - Security Advisory"
},
{
"title": "Apple: SwiftNIO HTTP/2 1.5.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=39f63f0751cdcda5bff86ad147e8e1d5"
},
{
"title": "Arch Linux Advisories: [ASA-201908-15] go: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-15"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: twisted vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4308-1"
},
{
"title": "Arch Linux Advisories: [ASA-201908-16] go-pie: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-16"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200727 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201445 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200922 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1272"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.5.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193892 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "metarget",
"trust": 0.1,
"url": "https://github.com/brant-ruan/metarget "
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/http-bugs/147405/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9514"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-931"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160949"
},
{
"db": "NVD",
"id": "CVE-2019-9514"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"trust": 2.6,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.6,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:4273"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4040"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4041"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4042"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4045"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4269"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4352"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2726"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2769"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:3265"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/31"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/43"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/sep/18"
},
{
"trust": 1.8,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.8,
"url": "https://support.f5.com/csp/article/k01988340"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2594"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2661"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2682"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2690"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2766"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2796"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2861"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3131"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3245"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3906"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0406"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0727"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k01988340?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://support.f5.com/csp/article/k01988340?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210436"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019:3905"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109787"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108515"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109775"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4368/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0994/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43921"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4697/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128279"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3152/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4324/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4533/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1168528"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k01988340?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/605641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11247"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://github.com/apple/swift-nio-http2/releases/tag/1.5.0."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14809"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/golang-1.11"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160949"
},
{
"db": "VULMON",
"id": "CVE-2019-9514"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154425"
},
{
"db": "PACKETSTORM",
"id": "155037"
},
{
"db": "PACKETSTORM",
"id": "154964"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "154058"
},
{
"db": "PACKETSTORM",
"id": "154135"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-931"
},
{
"db": "NVD",
"id": "CVE-2019-9514"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160949",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9514",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154425",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154964",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157214",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156941",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154058",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154135",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-931",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9514",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160949",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9514",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2019-11-15T16:16:10",
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"date": "2019-09-10T23:10:30",
"db": "PACKETSTORM",
"id": "154425",
"ident": null
},
{
"date": "2019-10-31T14:23:11",
"db": "PACKETSTORM",
"id": "155037",
"ident": null
},
{
"date": "2019-10-24T18:52:58",
"db": "PACKETSTORM",
"id": "154964",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-04-14T15:39:41",
"db": "PACKETSTORM",
"id": "157214",
"ident": null
},
{
"date": "2020-03-27T13:16:40",
"db": "PACKETSTORM",
"id": "156941",
"ident": null
},
{
"date": "2019-08-14T22:22:22",
"db": "PACKETSTORM",
"id": "154058",
"ident": null
},
{
"date": "2019-08-19T15:07:50",
"db": "PACKETSTORM",
"id": "154135",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-931",
"ident": null
},
{
"date": "2019-08-13T21:15:12.443000",
"db": "NVD",
"id": "CVE-2019-9514",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160949",
"ident": null
},
{
"date": "2020-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9514",
"ident": null
},
{
"date": "2022-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-931",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9514",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-931"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-931"
}
],
"trust": 0.6
}
}
VAR-201811-0987
Vulnerability from variot - Updated: 2026-04-10 22:34nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx18-nginx security update Advisory ID: RHSA-2018:3652-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3652 Issue date: 2018-11-26 CVE Names: CVE-2018-16845 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/viKdzjgjWX9erEAQjSFA/+IYlcY+VkhYOzot4cXoMumMPj0zcn6Iuk TwHfLvfooC8KsM5PK3acSmv2526KlfWn9xi8QJ8YMIoZVX8+LPPC7gOVxmwAyYOn 4uOumQy5rulkk03UB7r6y7u34Xy5mftCXTOouOipvhiW2Na6aZWiRen7ZWRBcMMW okYWY03xJU7/OQafttfP3UUVAYiw5adZ6gAflhZA8q8JzF0RhZXnliyt4kpZ1kLj 8fr6q+9WDVdiHe9u1j1wIXwQglkPnpab+kW1k4KZ3pdJMzFr9unZURHbyDsqbxlh T5rNTFtoLO9rgksSYtkuK0D6MvxVu7MzHMl/X0IsCnFwwAjH9xbqftqX5G26pQR6 L2UlnBNnes+NG357E81aHJus6ioRpjzSsfIrFoU9N0K9llnfbEslwEr239GzF6hH sMO5vap7/i2bmYQ7++jw9jfF67K2AtFvZCa/tYWlilkWOM12BkP2HvuYXCgmtb6F 99oHxB5TyDKPb44epIvzKV/YtvoeHT6beKRIefJ3xstrq8to0f87NZhTTbk5rYt0 HPf5vLjoZO6SYequmHzn++zoAZubU+oZ3fE05jcbrJSwQeMHWLPTtBoBkmQq+l5y rYTxun0/RvYql6bZD4uHAxKzTxyAvrKw0dW+/DGNanQiwkk+/RpPrYTdMhVw4a5a ZrQQucuvvOo= =LfBW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.3"
},
{
"_id": null,
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.15"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.7"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.15.5"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.14.1"
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.15.6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"_id": null,
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.15.5"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.14"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.13.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.15"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.5"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.13"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.7"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.10"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.9"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.8"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.7"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.15"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.14"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.13"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.12"
},
{
"_id": null,
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.10"
},
{
"_id": null,
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.15.6"
},
{
"_id": null,
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.14.1"
}
],
"sources": [
{
"db": "BID",
"id": "105868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
}
]
},
"credits": {
"_id": null,
"data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)",
"sources": [
{
"db": "BID",
"id": "105868"
}
],
"trust": 0.3
},
"cve": "CVE-2018-16845",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-16845",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-127245",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2018-16845",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16845",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-16845",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16845",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-16845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-16845",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-119",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-127245",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-16845",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"description": {
"_id": null,
"data": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2018:3652-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3652\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module\n(CVE-2018-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/viKdzjgjWX9erEAQjSFA/+IYlcY+VkhYOzot4cXoMumMPj0zcn6Iuk\nTwHfLvfooC8KsM5PK3acSmv2526KlfWn9xi8QJ8YMIoZVX8+LPPC7gOVxmwAyYOn\n4uOumQy5rulkk03UB7r6y7u34Xy5mftCXTOouOipvhiW2Na6aZWiRen7ZWRBcMMW\nokYWY03xJU7/OQafttfP3UUVAYiw5adZ6gAflhZA8q8JzF0RhZXnliyt4kpZ1kLj\n8fr6q+9WDVdiHe9u1j1wIXwQglkPnpab+kW1k4KZ3pdJMzFr9unZURHbyDsqbxlh\nT5rNTFtoLO9rgksSYtkuK0D6MvxVu7MzHMl/X0IsCnFwwAjH9xbqftqX5G26pQR6\nL2UlnBNnes+NG357E81aHJus6ioRpjzSsfIrFoU9N0K9llnfbEslwEr239GzF6hH\nsMO5vap7/i2bmYQ7++jw9jfF67K2AtFvZCa/tYWlilkWOM12BkP2HvuYXCgmtb6F\n99oHxB5TyDKPb44epIvzKV/YtvoeHT6beKRIefJ3xstrq8to0f87NZhTTbk5rYt0\nHPf5vLjoZO6SYequmHzn++zoAZubU+oZ3fE05jcbrJSwQeMHWLPTtBoBkmQq+l5y\nrYTxun0/RvYql6bZD4uHAxKzTxyAvrKw0dW+/DGNanQiwkk+/RpPrYTdMhVw4a5a\nZrQQucuvvOo=\n=LfBW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-16845",
"trust": 3.5
},
{
"db": "BID",
"id": "105868",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1042039",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0464",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0451",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042571",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150453",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-127245",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16845",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150253",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150481",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150458",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"id": "VAR-201811-0987",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:34:06.104000Z",
"patch": {
"_id": null,
"data": [
{
"title": "[SECURITY] [DLA 1572-1] nginx security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html"
},
{
"title": "DSA-4335",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4335"
},
{
"title": "Bug 1644508",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845"
},
{
"title": "RHSA-2018:3652",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3652"
},
{
"title": "RHSA-2018:3653",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3653"
},
{
"title": "RHSA-2018:3680",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3680"
},
{
"title": "RHSA-2018:3681",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3681"
},
{
"title": "USN-3812-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3812-1/"
},
{
"title": "(CVE-2018-16845)",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
},
{
"title": "Nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=86626"
},
{
"title": "Red Hat: Important: rh-nginx18-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183652 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183653 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183680 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183681 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3812-1"
},
{
"title": "Red Hat: CVE-2018-16845",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-16845"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347"
},
{
"title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u00e2\u20ac\u2122s dependencies \u00e2\u20ac\u201c Cumulative list from June 28, 2018 to December 13, 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
},
{
"title": "CVE-2018-16845",
"trust": 0.1,
"url": "https://github.com/T4t4ru/CVE-2018-16845 "
},
{
"title": "anitazhaochen.github.io",
"trust": 0.1,
"url": "https://github.com/anitazhaochen/anitazhaochen.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-835",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845"
},
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
},
{
"trust": 2.0,
"url": "https://usn.ubuntu.com/3812-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3652"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3653"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3681"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105868"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4335"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3680"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1042039"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16845"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2018-16845"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1489143"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0464/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75522"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042571"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-16843"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-16844"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nginx"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3812-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-127245",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-16845",
"ident": null
},
{
"db": "BID",
"id": "105868",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150253",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150214",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150453",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150481",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150458",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164240",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-16845",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-127245",
"ident": null
},
{
"date": "2018-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16845",
"ident": null
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105868",
"ident": null
},
{
"date": "2018-11-12T16:57:53",
"db": "PACKETSTORM",
"id": "150253",
"ident": null
},
{
"date": "2018-11-07T17:35:27",
"db": "PACKETSTORM",
"id": "150214",
"ident": null
},
{
"date": "2018-11-26T04:44:44",
"db": "PACKETSTORM",
"id": "150453",
"ident": null
},
{
"date": "2018-11-27T17:24:48",
"db": "PACKETSTORM",
"id": "150481",
"ident": null
},
{
"date": "2018-11-26T10:02:22",
"db": "PACKETSTORM",
"id": "150458",
"ident": null
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240",
"ident": null
},
{
"date": "2018-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-119",
"ident": null
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014189",
"ident": null
},
{
"date": "2018-11-07T14:29:00.883000",
"db": "NVD",
"id": "CVE-2018-16845",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-127245",
"ident": null
},
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16845",
"ident": null
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105868",
"ident": null
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-119",
"ident": null
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014189",
"ident": null
},
{
"date": "2024-11-21T03:53:25.953000",
"db": "NVD",
"id": "CVE-2018-16845",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "nginx Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "memory leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
}
],
"trust": 0.6
}
}
VAR-201908-0263
Vulnerability from variot - Updated: 2026-04-10 22:30Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes. Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). 7) - noarch, x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Summary:
Updated Quay packages that fix several bugs and add various enhancements are now available.
Bug Fix(es):
- Fixed repository mirror credentials properly escaped to allow special characters
- Fixed repository mirror UI cancel button enabled
-
Fixed repository mirror UI change next sync date
-
Solution:
Please download the release images via:
quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1
For the oldstable distribution (stretch), these problems have been fixed in version 1.18.1-1+deb9u1.
For the stable distribution (buster), these problems have been fixed in version 1.36.0-2+deb10u1.
We recommend that you upgrade your nghttp2 packages.
For the detailed security status of nghttp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nghttp2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1sMs8ACgkQEMKTtsN8 Tjb8Uw//S/tOXQZwAiYCUe3tC+Uc/Zz3FpbSoC73Edn/zShG5PWuACth3NDbBhZI Ye7o8jMxvsJ1J/McekMPqT8eD5D+HxrQJAkZzvyquVKhxhgHB4onmqOn6/kMiuFp sdUhBh+Kyiwr0ix2uph92KxggC+jq65RbvSWFFP0CXQJ2Ua0929JJQfkv76Wk1nD bWd2Pw0maSiXTagShhWqCkBgZo5swMIx2uHvixlFe75FnERnwu3JhKHL4R90r3dq rqItD3BDWXa2l8UNjPj7W7Nf01UxZSPl+GCOR+qDX0LDghy1M9GOz9u8qq+argca foHTJPPibbG3DYsOg5BrQkQE9LiRZmezhG13hkIEN25cKDyZo2gxCZ597MSfjzgf 6VLTFRbd2cLmK0iilXa6OtL3Rm3wTTgSjhZ5wjSgbPddpHnso//AeFpSyCyIIDWL VHlB44ehulQljfYxH0iLH8cy9MtEDk5zhOh9ziFjnzDtx5JX7l/5D8LLOGHZj67O TH0VNXYmKvt/x9ROi3G9+1XweYM8rYIwxQlBIVASQtlSfqqYCOX5LjJkSuBQhk8D nsGr1umNZ8hdDc4dfZQiD/Trwo99/3HuPdmEt5jwfunocygMyv9+yLfB+J3H+AS/ 5epPIGh/E96OLBqPwWUryVX3xx8JiEaHvxPFIDLzZyRYSjQaSXo= =FvKi -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 1.2
},
"cve": "CVE-2019-9513",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9513",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160948",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-935",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160948",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9513",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2019:2745-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2745\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP\nvsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2\nmVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+\n4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k\nrNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14\nENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6\nuglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU\nBGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl\nOmt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0\nElhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR\nLF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X\nzMtgbVh8BNU=zH69\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Summary:\n\nUpdated Quay packages that fix several bugs and add various enhancements\nare now available. \n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special\ncharacters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date\n\n3. Solution:\n\nPlease download the release images via:\n\nquay.io/redhat/quay:v3.1.1\nquay.io/redhat/clair-jwt:v3.1.1\nquay.io/redhat/quay-builder:v3.1.1\n\n4. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.18.1-1+deb9u1. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.36.0-2+deb10u1. \n\nWe recommend that you upgrade your nghttp2 packages. \n\nFor the detailed security status of nghttp2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nghttp2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1sMs8ACgkQEMKTtsN8\nTjb8Uw//S/tOXQZwAiYCUe3tC+Uc/Zz3FpbSoC73Edn/zShG5PWuACth3NDbBhZI\nYe7o8jMxvsJ1J/McekMPqT8eD5D+HxrQJAkZzvyquVKhxhgHB4onmqOn6/kMiuFp\nsdUhBh+Kyiwr0ix2uph92KxggC+jq65RbvSWFFP0CXQJ2Ua0929JJQfkv76Wk1nD\nbWd2Pw0maSiXTagShhWqCkBgZo5swMIx2uHvixlFe75FnERnwu3JhKHL4R90r3dq\nrqItD3BDWXa2l8UNjPj7W7Nf01UxZSPl+GCOR+qDX0LDghy1M9GOz9u8qq+argca\nfoHTJPPibbG3DYsOg5BrQkQE9LiRZmezhG13hkIEN25cKDyZo2gxCZ597MSfjzgf\n6VLTFRbd2cLmK0iilXa6OtL3Rm3wTTgSjhZ5wjSgbPddpHnso//AeFpSyCyIIDWL\nVHlB44ehulQljfYxH0iLH8cy9MtEDk5zhOh9ziFjnzDtx5JX7l/5D8LLOGHZj67O\nTH0VNXYmKvt/x9ROi3G9+1XweYM8rYIwxQlBIVASQtlSfqqYCOX5LjJkSuBQhk8D\nnsGr1umNZ8hdDc4dfZQiD/Trwo99/3HuPdmEt5jwfunocygMyv9+yLfB+J3H+AS/\n5epPIGh/E96OLBqPwWUryVX3xx8JiEaHvxPFIDLzZyRYSjQaSXo=\n=FvKi\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9513"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154284"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9513",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3306",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3116",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43920",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160948",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168812",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154284",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154284"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"id": "VAR-201908-0263",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:30:10.522000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96619"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193041 - Security Advisory"
},
{
"title": "Red Hat: Important: nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192692 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192949 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Red Hat: CVE-2019-9513",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9513"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9513"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1298"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-17"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1298"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00c2\u00ae SDK for Node.js\u00e2\u201e\u00a2 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3306/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43920"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6754-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nghttp2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154284"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160948",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9513",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154510",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154470",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154533",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154284",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9513",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160948",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9513",
"ident": null
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"date": "2019-09-17T20:58:22",
"db": "PACKETSTORM",
"id": "154510",
"ident": null
},
{
"date": "2024-04-26T15:13:40",
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"date": "2019-10-01T20:46:00",
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"date": "2019-09-12T14:32:43",
"db": "PACKETSTORM",
"id": "154470",
"ident": null
},
{
"date": "2019-09-19T16:28:51",
"db": "PACKETSTORM",
"id": "154533",
"ident": null
},
{
"date": "2019-10-03T20:31:49",
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"date": "2019-09-02T17:39:28",
"db": "PACKETSTORM",
"id": "154284",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-935",
"ident": null
},
{
"date": "2019-08-13T21:15:12.380000",
"db": "NVD",
"id": "CVE-2019-9513",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160948",
"ident": null
},
{
"date": "2022-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9513",
"ident": null
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-935",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9513",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 0.6
}
}
VAR-201607-0657
Vulnerability from variot - Updated: 2026-04-10 22:29PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host.
References:
- CVE-2016-5385 - PHP, HTTPoxy
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: php54-php security update Advisory ID: RHSA-2016:1610-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1610.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 =====================================================================
- Summary:
An update for php54-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- (CVE-2016-5385)
Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXrPSRXlSAg2UNWIIRAm7eAJ46bwD5dNGjO2qoFKsoL92xftbbTgCgkeMg 3r5SaIOUCU9fw1VuBLjTlPI= =fzN3 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information:
https://php.net/ChangeLog-5.php#5.6.24
For the stable distribution (jessie), these problems have been fixed in version 5.6.24+dfsg-0+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.9-1 of the php7.0 source package.
We recommend that you upgrade your php5 packages.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.24 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz
Slackware 14.1 package: aea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz
Slackware 14.2 package: c88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: ed5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz
Slackware -current package: c25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz
Slackware x86_64 -current package: 17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg php-5.6.24-i586-1_slack14.2.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 6) - i386, x86_64
3.
Ubuntu Security Notice USN-3045-1 August 02, 2016
php5, php7.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description: - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain SplMinHeap::compar e operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. Thi s issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116 )
It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)
It was discovered that PHP incorrectly validated certain Exception object s when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2015-8876)
It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use thi s issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)
It was discovered that PHP incorrectly handled certain locale operations.
An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)
It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-5094, CVE-2016-5095)
It was discovered that the PHP fread() function incorrectly handled certa in lengths. An attacker could use this issue to cause PHP to crash, resultin g in a denial of service, or possibly execute arbitrary code. This issue on ly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)
It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker cou ld use this issue to cause PHP to crash, resulting in a denial of service, o r possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)
It was discovered that PHP would not protect applications from contents o f the HTTP_PROXY environment variable when based on the contents of the Pro xy header from HTTP requests. A remote attacker could possibly use this issu e in combination with scripts that honour the HTTP_PROXY variable to redire ct outgoing HTTP requests. (CVE-2016-5385)
Hans Jerry Illikainen discovered that the PHP bzread() function incorrect ly performed error handling. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399)
It was discovered that certain PHP multibyte string functions incorrectly
handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)
It was discovered that the PHP Mcrypt extension incorrectly handled memor y. A remote attacker could use this issue to cause PHP to crash, resulting i n a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)
It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker coul d use this issue to cause PHP to crash, resulting in a denial of service, o r possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)
It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP t o crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)
It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cau se PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-6288)
It was discovered that PHP incorrectly handled path lengths when extracti ng certain Zip archives. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6289)
It was discovered that PHP incorrectly handled session deserialization. A
remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290)
It was discovered that PHP incorrectly handled exif headers when processi ng certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)
It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294)
It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use
this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT S and Ubuntu 16.04 LTS. (CVE-2016-6295)
It was discovered that the PHP xmlrpc_encode_request() function incorrect ly handled certain lengths. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296)
It was discovered that the PHP php_stream_zip_opener() function incorrect ly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2 php7.0-cgi 7.0.8-0ubuntu0.16.04.2 php7.0-cli 7.0.8-0ubuntu0.16.04.2 php7.0-fpm 7.0.8-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19 php5-cgi 5.5.9+dfsg-1ubuntu4.19 php5-cli 5.5.9+dfsg-1ubuntu4.19 php5-fpm 5.5.9+dfsg-1ubuntu4.19
Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.24 php5-cgi 5.3.10-1ubuntu3.24 php5-cli 5.3.10-1ubuntu3.24 php5-fpm 5.3.10-1ubuntu3.24
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3045-1 CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
Package Information: https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05320149 Version: 1
HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-10-26 Last Updated: 2016-10-26
Potential Security Impact: Remote: Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux.
References:
- CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information
- CVE-2016-2106 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2109 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2105 - OpenSSL, Denial of Service (DoS)
- CVE-2016-3739 - cURL and libcurl, Remote code execution
- CVE-2016-5388 - "HTTPoxy", Apache Tomcat
- CVE-2016-5387 - "HTTPoxy", Apache HTTP Server
- CVE-2016-5385 - "HTTPoxy", PHP
- CVE-2016-4543 - PHP, multiple impact
- CVE-2016-4071 - PHP, multiple impact
- CVE-2016-4072 - PHP, multiple impact
- CVE-2016-4542 - PHP, multiple impact
- CVE-2016-4541 - PHP, multiple impact
- CVE-2016-4540 - PHP, multiple impact
- CVE-2016-4539 - PHP, multiple impact
- CVE-2016-4538 - PHP, multiple impact
- CVE-2016-4537 - PHP, multiple impact
- CVE-2016-4343 - PHP, multiple impact
- CVE-2016-4342 - PHP, multiple impact
- CVE-2016-4070 - PHP, Denial of Service (DoS)
- CVE-2016-4393 - PSRT110263, XSS vulnerability
- CVE-2016-4394 - PSRT110263, HSTS vulnerability
- CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow
- CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow
- PSRT110145
- PSRT110263
- PSRT110115
- PSRT110116
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE System Management Homepage - all versions prior to v7.6
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-3739
5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVE-2016-4070
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-4071
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4072
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4342
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)
CVE-2016-4343
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-4393
4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVE-2016-4394
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVE-2016-4395
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVE-2016-4396
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVE-2016-4537
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4538
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4539
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4540
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4541
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4542
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4543
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5385
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5387
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5388
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
- Hewlett Packard Enterprise thanks Tenable Network Security for working with Trend Micro's Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and CVE-2016-4396 to security-alert@hpe.com
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of System Management Homepage (SMH).
Please download and install HPE System Management Homepage (SMH) v7.6.0 from the following locations:
HISTORY Version:1 (rev.1) - 26 October 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Please note that the Management Interface cannot access data stored on tape media, so this vulnerability does not allow for remote unauthorized disclosure of data stored on tape media or remote denial of service.
References:
- CVE-2016-5385 - PHP, HTTPoxy
- CVE-2016-3074 - PHP
- CVE-2013-7456 - PHP
- CVE-2016-5093 - PHP
- CVE-2016-5094 - PHP
- CVE-2016-5096 - PHP
- CVE-2016-5766 - PHP
- CVE-2016-5767 - PHP
- CVE-2016-5768 - PHP
- CVE-2016-5769 - PHP
- CVE-2016-5770 - PHP
- CVE-2016-5771 - PHP
- CVE-2016-5772 - PHP
- CVE-2016-5773 - PHP
- CVE-2016-6207 - GD Graphics Library
- CVE-2016-6289 - PHP
- CVE-2016-6290 - PHP
- CVE-2016-6291 - PHP
- CVE-2016-6292 - PHP
- CVE-2016-6293 - PHP
- CVE-2016-6294 - PHP
- CVE-2016-6295 - PHP
- CVE-2016-6296 - PHP
- CVE-2016-6297 - PHP
- CVE-2016-5399 - PHP
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"_id": null,
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.5.38"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.6.24"
},
{
"_id": null,
"model": "php",
"scope": "lte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.8"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.1.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "23"
},
{
"_id": null,
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.5.0"
},
{
"_id": null,
"model": "storeever msl6480 tape library",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "5.09"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "24"
},
{
"_id": null,
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.6.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "7.5.5.0"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.0"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2"
},
{
"_id": null,
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.0.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache http server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "haproxy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hhvm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "python",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lighttpd",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"credits": {
"_id": null,
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5385",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2016-5385",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-94204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2016-5385",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5385",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"description": {
"_id": null,
"data": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. \n\nReferences:\n\n - CVE-2016-5385 - PHP, HTTPoxy\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: php54-php security update\nAdvisory ID: RHSA-2016:1610-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1610.html\nIssue date: 2016-08-11\nCVE Names: CVE-2016-5385 \n=====================================================================\n\n1. Summary:\n\nAn update for php54-php is now available for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. (CVE-2016-5385)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXrPSRXlSAg2UNWIIRAm7eAJ46bwD5dNGjO2qoFKsoL92xftbbTgCgkeMg\n3r5SaIOUCU9fw1VuBLjTlPI=\n=fzN3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.24, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.24\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.24+dfsg-0+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.9-1 of the php7.0 source package. \n\nWe recommend that you upgrade your php5 packages. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n http://php.net/ChangeLog-5.php#5.6.24\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\naea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ned5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz\n\nSlackware x86_64 -current package:\n17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.24-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. 6) - i386, x86_64\n\n3. \n=========================================================================\nUbuntu Security Notice USN-3045-1\nAugust 02, 2016\n\nphp5, php7.0 vulnerabilities\n=========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php7.0: HTML-embedded scripting language interpreter\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that PHP incorrectly handled certain SplMinHeap::compar\ne\noperations. A remote attacker could use this issue to cause PHP to crash,\n\nresulting in a denial of service, or possibly execute arbitrary code. Thi\ns\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116\n)\n\nIt was discovered that PHP incorrectly handled recursive method calls. A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2015-8873)\n\nIt was discovered that PHP incorrectly validated certain Exception object\ns\nwhen unserializing data. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2015-8876)\n\nIt was discovered that PHP header() function performed insufficient\nfiltering for Internet Explorer. A remote attacker could possibly use thi\ns\nissue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2015-8935)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n\nAn attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2016-5093)\n\nIt was discovered that the PHP php_html_entities() function incorrectly\nhandled certain string lengths. A remote attacker could use this issue to\n\ncause PHP to crash, resulting in a denial of service, or possibly execute\n\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-5094, CVE-2016-5095)\n\nIt was discovered that the PHP fread() function incorrectly handled certa\nin\nlengths. An attacker could use this issue to cause PHP to crash, resultin\ng\nin a denial of service, or possibly execute arbitrary code. This issue on\nly\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)\n\nIt was discovered that the PHP FastCGI Process Manager (FPM) SAPI\nincorrectly handled memory in the access logging feature. An attacker cou\nld\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)\n\nIt was discovered that PHP would not protect applications from contents o\nf\nthe HTTP_PROXY environment variable when based on the contents of the Pro\nxy\nheader from HTTP requests. A remote attacker could possibly use this issu\ne\nin combination with scripts that honour the HTTP_PROXY variable to redire\nct\noutgoing HTTP requests. (CVE-2016-5385)\n\nHans Jerry Illikainen discovered that the PHP bzread() function incorrect\nly\nperformed error handling. A remote attacker could use this issue to cause\n\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-5399)\n\nIt was discovered that certain PHP multibyte string functions incorrectly\n\nhandled memory. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)\n\nIt was discovered that the PHP Mcrypt extension incorrectly handled memor\ny. \nA remote attacker could use this issue to cause PHP to crash, resulting i\nn\na denial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing malicious data. A remote attacker coul\nd\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly execute arbitrary code. This issue was only addressed in Ubuntu\nUbuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)\n\nIt was discovered that PHP incorrectly handled memory when unserializing\nmalicious xml data. A remote attacker could use this issue to cause PHP t\no\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2016-5772)\n\nIt was discovered that the PHP php_url_parse_ex() function incorrectly\nhandled string termination. A remote attacker could use this issue to cau\nse\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-6288)\n\nIt was discovered that PHP incorrectly handled path lengths when extracti\nng\ncertain Zip archives. A remote attacker could use this issue to cause PHP\n\nto crash, resulting in a denial of service, or possibly execute arbitrary\n\ncode. (CVE-2016-6289)\n\nIt was discovered that PHP incorrectly handled session deserialization. A\n\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6290)\n\nIt was discovered that PHP incorrectly handled exif headers when processi\nng\ncertain JPEG images. A remote attacker could use this issue to cause PHP \nto\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6291, CVE-2016-6292)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6294)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing SNMP data. A remote attacker could use\n\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT\nS\nand Ubuntu 16.04 LTS. (CVE-2016-6295)\n\nIt was discovered that the PHP xmlrpc_encode_request() function incorrect\nly\nhandled certain lengths. An attacker could use this issue to cause PHP to\n\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6296)\n\nIt was discovered that the PHP php_stream_zip_opener() function incorrect\nly\nhandled memory. An attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-6297)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2\n php7.0-cgi 7.0.8-0ubuntu0.16.04.2\n php7.0-cli 7.0.8-0ubuntu0.16.04.2\n php7.0-fpm 7.0.8-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19\n php5-cgi 5.5.9+dfsg-1ubuntu4.19\n php5-cli 5.5.9+dfsg-1ubuntu4.19\n php5-fpm 5.5.9+dfsg-1ubuntu4.19\n\nUbuntu 12.04 LTS:\n libapache2-mod-php5 5.3.10-1ubuntu3.24\n php5-cgi 5.3.10-1ubuntu3.24\n php5-cli 5.3.10-1ubuntu3.24\n php5-fpm 5.3.10-1ubuntu3.24\n\nIn general, a standard system update will make all the necessary changes. \n\n\nReferences:\n http://www.ubuntu.com/usn/usn-3045-1\n CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935,\n CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096,\n CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768,\n CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773,\n CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291,\n CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296,\n CVE-2016-6297\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05320149\nVersion: 1\n\nHPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary\nCode Execution, Cross-Site Scripting (XSS), Denial of Service (DoS),\nUnauthorized Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-10-26\nLast Updated: 2016-10-26\n\nPotential Security Impact: Remote: Arbitrary Code Execution, Cross-Site\nScripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of\nInformation\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nSystem Management Homepage (SMH) on Windows and Linux. \n\nReferences:\n\n - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information\n - CVE-2016-2106 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2109 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2105 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-3739 - cURL and libcurl, Remote code execution\n - CVE-2016-5388 - \"HTTPoxy\", Apache Tomcat\n - CVE-2016-5387 - \"HTTPoxy\", Apache HTTP Server\n - CVE-2016-5385 - \"HTTPoxy\", PHP \n - CVE-2016-4543 - PHP, multiple impact\n - CVE-2016-4071 - PHP, multiple impact\n - CVE-2016-4072 - PHP, multiple impact\n - CVE-2016-4542 - PHP, multiple impact\n - CVE-2016-4541 - PHP, multiple impact\n - CVE-2016-4540 - PHP, multiple impact\n - CVE-2016-4539 - PHP, multiple impact\n - CVE-2016-4538 - PHP, multiple impact\n - CVE-2016-4537 - PHP, multiple impact\n - CVE-2016-4343 - PHP, multiple impact\n - CVE-2016-4342 - PHP, multiple impact\n - CVE-2016-4070 - PHP, Denial of Service (DoS)\n - CVE-2016-4393 - PSRT110263, XSS vulnerability\n - CVE-2016-4394 - PSRT110263, HSTS vulnerability\n - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow\n - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow\n - PSRT110145\n - PSRT110263\n - PSRT110115\n - PSRT110116\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE System Management Homepage - all versions prior to v7.6\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-3739\n 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\n 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n CVE-2016-4070\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-4071\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4072\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4342\n 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n CVE-2016-4343\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4393\n 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\n 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n CVE-2016-4394\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)\n\n CVE-2016-4395\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)\n\n CVE-2016-4396\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)\n\n CVE-2016-4537\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4538\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4539\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4540\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4541\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4542\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4543\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5385\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5387\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5388\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\n* Hewlett Packard Enterprise thanks Tenable Network Security for working with\nTrend Micro\u0027s Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and\nCVE-2016-4396 to security-alert@hpe.com\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of System Management Homepage\n(SMH). \n\nPlease download and install HPE System Management Homepage (SMH) v7.6.0 from\nthe following locations: \n\n* \u003chttps://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e\n\nHISTORY\nVersion:1 (rev.1) - 26 October 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. Please note that the Management\nInterface cannot access data stored on tape media, so this vulnerability does\nnot allow for remote unauthorized disclosure of data stored on tape media or\nremote denial of service. \n\nReferences:\n\n - CVE-2016-5385 - PHP, HTTPoxy\n - CVE-2016-3074 - PHP\n - CVE-2013-7456 - PHP\n - CVE-2016-5093 - PHP\n - CVE-2016-5094 - PHP\n - CVE-2016-5096 - PHP\n - CVE-2016-5766 - PHP\n - CVE-2016-5767 - PHP\n - CVE-2016-5768 - PHP\n - CVE-2016-5769 - PHP\n - CVE-2016-5770 - PHP\n - CVE-2016-5771 - PHP\n - CVE-2016-5772 - PHP\n - CVE-2016-5773 - PHP\n - CVE-2016-6207 - GD Graphics Library\n - CVE-2016-6289 - PHP\n - CVE-2016-6290 - PHP\n - CVE-2016-6291 - PHP\n - CVE-2016-6292 - PHP\n - CVE-2016-6293 - PHP\n - CVE-2016-6294 - PHP\n - CVE-2016-6295 - PHP\n - CVE-2016-6296 - PHP\n - CVE-2016-6297 - PHP\n - CVE-2016-5399 - PHP\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5385"
},
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 2.52
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-94204",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-5385",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#797896",
"trust": 1.9
},
{
"db": "BID",
"id": "91821",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036335",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "138295",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138298",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "139744",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138014",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138296",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138070",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138299",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138297",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-94204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139379",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140515",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"id": "VAR-201607-0657",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:29:01.229000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036335"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91821"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"trust": 1.1,
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05333297"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://httpoxy.org/"
},
{
"trust": 1.1,
"url": "https://www.drupal.org/sa-core-2016-003"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc3875"
},
{
"trust": 0.8,
"url": "https://httpoxy.org"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/807.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/454.html"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-5385"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5399"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
},
{
"trust": 0.2,
"url": "https://php.net/changelog-5.php#5.6.24"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5093"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5768"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5773"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5096"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public/readindex?sp4ts.oid=5385625\u0026swlan"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5385"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6207"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6288"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3045-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6293"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/msl6480\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#797896",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-94204",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139744",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138296",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138070",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138014",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138295",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138298",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138136",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139379",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140515",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-5385",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CERT/CC",
"id": "VU#797896",
"ident": null
},
{
"date": "2016-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-94204",
"ident": null
},
{
"date": "2016-11-16T00:48:12",
"db": "PACKETSTORM",
"id": "139744",
"ident": null
},
{
"date": "2016-08-12T18:03:00",
"db": "PACKETSTORM",
"id": "138296",
"ident": null
},
{
"date": "2016-07-27T14:25:39",
"db": "PACKETSTORM",
"id": "138070",
"ident": null
},
{
"date": "2016-07-22T22:42:48",
"db": "PACKETSTORM",
"id": "138014",
"ident": null
},
{
"date": "2016-08-12T18:02:52",
"db": "PACKETSTORM",
"id": "138295",
"ident": null
},
{
"date": "2016-08-12T18:03:22",
"db": "PACKETSTORM",
"id": "138298",
"ident": null
},
{
"date": "2016-08-02T22:59:53",
"db": "PACKETSTORM",
"id": "138136",
"ident": null
},
{
"date": "2016-10-27T19:22:00",
"db": "PACKETSTORM",
"id": "139379",
"ident": null
},
{
"date": "2017-01-15T23:24:00",
"db": "PACKETSTORM",
"id": "140515",
"ident": null
},
{
"date": "2016-07-19T02:00:17.773000",
"db": "NVD",
"id": "CVE-2016-5385",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-07-19T00:00:00",
"db": "CERT/CC",
"id": "VU#797896",
"ident": null
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-94204",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5385",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 0.5
},
"title": {
"_id": null,
"data": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables",
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "138136"
}
],
"trust": 0.1
}
}
VAR-201908-0266
Vulnerability from variot - Updated: 2026-04-10 21:58Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Bug Fix(es):
- Fixed repository mirror credentials properly escaped to allow special characters
- Fixed repository mirror UI cancel button enabled
-
Fixed repository mirror UI change next sync date
-
Solution:
Please download the release images via:
quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-828 - Rebase nghttp2 to 1.39.2
- The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx112-nginx security update Advisory ID: RHSA-2019:2746-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx112-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx112-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9 PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2 PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS 7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/ issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO 7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL pTuQ2UprbLU=PAtT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (10.16.3)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.9
},
"cve": "CVE-2019-9516",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-9516",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160951",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9516",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9516",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9516",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9516",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-938",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160951",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9516",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that\nsubmits malicious input to an affected system. A successful exploit\ncould result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special\ncharacters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date\n\n3. Solution:\n\nPlease download the release images via:\n\nquay.io/redhat/quay:v3.1.1\nquay.io/redhat/clair-jwt:v3.1.1\nquay.io/redhat/quay-builder:v3.1.1\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-828 - Rebase nghttp2 to 1.39.2\n\n6. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx112-nginx security update\nAdvisory ID: RHSA-2019:2746-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2746\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx112-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx112-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9\nPPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS\nieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d\nkbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco\nrGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2\nPO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv\noEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS\n7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/\nissNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO\n7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt\nfXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL\npTuQ2UprbLU=PAtT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9516"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9516",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.6
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3116",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3213",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154190",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154698",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154697",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160951",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155417",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154471",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"id": "VAR-201908-0266",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160951"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T21:58:07.634000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96621"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192950 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192946 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9516"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9516"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1342",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1342"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201445 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200922 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
},
{
"title": "DC-4-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/http-bugs/147405/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.6,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.5,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2950"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.8,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2946"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 1.2,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.9,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.7,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154190/debian-security-advisory-4505-1.html"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3213/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1072144"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/605641"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.29"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html/red_hat_jboss_core_services_apache_http_server_2.4.29_service_pack_3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160951",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9516",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154510",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155417",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154698",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156941",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154471",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9516",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160951",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9516",
"ident": null
},
{
"date": "2019-09-17T20:58:22",
"db": "PACKETSTORM",
"id": "154510",
"ident": null
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"date": "2019-11-20T21:11:11",
"db": "PACKETSTORM",
"id": "155417",
"ident": null
},
{
"date": "2019-10-03T20:31:49",
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"date": "2019-10-01T20:45:48",
"db": "PACKETSTORM",
"id": "154698",
"ident": null
},
{
"date": "2020-03-27T13:16:40",
"db": "PACKETSTORM",
"id": "156941",
"ident": null
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"date": "2019-09-12T14:32:51",
"db": "PACKETSTORM",
"id": "154471",
"ident": null
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-938",
"ident": null
},
{
"date": "2019-08-13T21:15:12.583000",
"db": "NVD",
"id": "CVE-2019-9516",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160951",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9516",
"ident": null
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-938",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9516",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
}
],
"trust": 0.6
}
}
VAR-201908-0265
Vulnerability from variot - Updated: 2026-03-09 23:11Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update). The purpose of this text-only errata is to inform you about the security issues fixed in this release.
The JBoss server process must be restarted for the update to take effect. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/):
KEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update Advisory ID: RHSA-2019:4019-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:4019 Issue date: 2019-11-26 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-14838 CVE-2019-14843 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)
-
wildfly: wildfly-security-manager: security manager authorization bypass (CVE-2019-14843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17604 - Tracker bug for the EAP 7.2.5 release for RHEL-7 JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1
- Package List:
Red Hat JBoss EAP 7.2 for RHEL 7 Server:
Source: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.src.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.src.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.src.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.src.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.src.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.src.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el7eap.src.rpm
noarch: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.noarch.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.noarch.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm eap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el7eap.noarch.rpm
x86_64: eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm eap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-14838 https://access.redhat.com/security/cve/CVE-2019-14843 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXd2Ev9zjgjWX9erEAQjW/BAAl1q46jFIklzXGQYqCBNoHo/OJpqbB21F sqHX3rOeRckVrjfzsYuJmGFFOjC9IXcLslr7Ps6x6SNxvbozmbDPv703SP1RNzWy +4IqMa8tqDyNNPxtcIMBGIwvmCRpC/FgvM4qlPQ9TdmXpITlIXq8n1m8Ye5EJAAk btHtkJeR81pob5xBS21CFoiNZOOWT17tyYlxpPRH69DPs9GSf6VUQGplVjWhIyXC nc+DUt5vRIor3RmIBqwiY3Cm2x1veKliZIU11uanyy/OpQ4fngCQPqQv2d/246xQ tevUzg52+/YTr2HB5p4YVEBWlmhtNLvlNmaYYPoz4hvKgZY3DBfAVLvMToS7aHZz tbOI+1ACdzzkXzaOmxTu5E/omvvgLOkRQ+WPS/AzHq1v7M8tFCZ9y3Q/VByxTCLy weXO5udaWf4jV8s8JAiT2Ugl93qxv06UJq+zB2yQ9HwNGCYGt1eWSZhGCbLp5AM+ lI3X+McTnbHik/xvvmOgyyRnvJUFBai+AtvAdUqN8uTf//vP0DSd4LL406MQ/bNF 3k2Rn52husN69bwsM8ZY3EpddtPOwPIVTD4zZy4+Bw25baVGKXQTQJMBMRVsduSb KKJgjKd93kXyZ3i//eu+VAMJhKc1QNVIU6HEcCpyx5qpZyJnomTb01VsmRkE/k+O 4I3dv+TPBuU=aKfk -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.
For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8 TjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM msNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur wrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W JwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo h0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF SnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp a0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO 2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR XVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH SAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh 3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4308-1 March 19, 2020
twisted vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Twisted.
Software Description: - twisted: Event-based framework for internet applications
Details:
it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387)
It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. (CVE-2019-12855)
It was discovered that Twisted incorrectly handled HTTP/2 connections. A remote attacker could possibly use this issue to cause Twisted to hang or consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515)
Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: python-twisted 18.9.0-3ubuntu1.1 python-twisted-bin 18.9.0-3ubuntu1.1 python-twisted-web 18.9.0-3ubuntu1.1 python3-twisted 18.9.0-3ubuntu1.1 python3-twisted-bin 18.9.0-3ubuntu1.1
Ubuntu 18.04 LTS: python-twisted 17.9.0-2ubuntu0.1 python-twisted-bin 17.9.0-2ubuntu0.1 python-twisted-web 17.9.0-2ubuntu0.1 python3-twisted 17.9.0-2ubuntu0.1 python3-twisted-bin 17.9.0-2ubuntu0.1
Ubuntu 16.04 LTS: python-twisted 16.0.0-1ubuntu0.4 python-twisted-bin 16.0.0-1ubuntu0.4 python-twisted-web 16.0.0-1ubuntu0.4 python3-twisted 16.0.0-1ubuntu0.4
In general, a standard system update will make all the necessary changes. Summary:
This is a security update for JBoss EAP Continuous Delivery 18.0. Each of these container images includes gRPC, which has been updated with the below fixes. Solution:
For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
-
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (10.16.3)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "14"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.1"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.5.1"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.1.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3.2"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.1.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9515"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155520"
},
{
"db": "PACKETSTORM",
"id": "155484"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "154475"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.8
},
"cve": "CVE-2019-9515",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9515",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160950",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9515",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9515",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9515",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9515",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-932",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160950",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160950"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-932"
},
{
"db": "NVD",
"id": "CVE-2019-9515"
},
{
"db": "NVD",
"id": "CVE-2019-9515"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nThe JBoss server process must be restarted for the update to take effect. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update\nAdvisory ID: RHSA-2019:4019-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:4019\nIssue date: 2019-11-26\nCVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9514\n CVE-2019-9515 CVE-2019-14838 CVE-2019-14843\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.2.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* undertow: HTTP/2: large amount of data requests leads to denial of\nservice (CVE-2019-9511)\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory\ngrowth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* wildfly: wildfly-security-manager: security manager authorization bypass\n(CVE-2019-14843)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17604 - Tracker bug for the EAP 7.2.5 release for RHEL-7\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. Package List:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server:\n\nSource:\neap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.src.rpm\neap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.src.rpm\neap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.src.rpm\neap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.src.rpm\neap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.src.rpm\neap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.src.rpm\neap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm\neap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm\neap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.src.rpm\neap7-yasson-1.0.5-1.redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.noarch.rpm\neap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.noarch.rpm\neap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm\neap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-yasson-1.0.5-1.redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm\neap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-14838\nhttps://access.redhat.com/security/cve/CVE-2019-14843\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXd2Ev9zjgjWX9erEAQjW/BAAl1q46jFIklzXGQYqCBNoHo/OJpqbB21F\nsqHX3rOeRckVrjfzsYuJmGFFOjC9IXcLslr7Ps6x6SNxvbozmbDPv703SP1RNzWy\n+4IqMa8tqDyNNPxtcIMBGIwvmCRpC/FgvM4qlPQ9TdmXpITlIXq8n1m8Ye5EJAAk\nbtHtkJeR81pob5xBS21CFoiNZOOWT17tyYlxpPRH69DPs9GSf6VUQGplVjWhIyXC\nnc+DUt5vRIor3RmIBqwiY3Cm2x1veKliZIU11uanyy/OpQ4fngCQPqQv2d/246xQ\ntevUzg52+/YTr2HB5p4YVEBWlmhtNLvlNmaYYPoz4hvKgZY3DBfAVLvMToS7aHZz\ntbOI+1ACdzzkXzaOmxTu5E/omvvgLOkRQ+WPS/AzHq1v7M8tFCZ9y3Q/VByxTCLy\nweXO5udaWf4jV8s8JAiT2Ugl93qxv06UJq+zB2yQ9HwNGCYGt1eWSZhGCbLp5AM+\nlI3X+McTnbHik/xvvmOgyyRnvJUFBai+AtvAdUqN8uTf//vP0DSd4LL406MQ/bNF\n3k2Rn52husN69bwsM8ZY3EpddtPOwPIVTD4zZy4+Bw25baVGKXQTQJMBMRVsduSb\nKKJgjKd93kXyZ3i//eu+VAMJhKc1QNVIU6HEcCpyx5qpZyJnomTb01VsmRkE/k+O\n4I3dv+TPBuU=aKfk\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe fixes are too intrusive to backport to the version in the oldstable\ndistribution (stretch). An upgrade to Debian stable (buster) is\nrecommended instead. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 8.0.2+ds-1+deb10u1. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8\nTjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM\nmsNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur\nwrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W\nJwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo\nh0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF\nSnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp\na0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO\n2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR\nXVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH\nSAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh\n3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-4308-1\nMarch 19, 2020\n\ntwisted vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Twisted. \n\nSoftware Description:\n- twisted: Event-based framework for internet applications\n\nDetails:\n\nit was discovered that Twisted incorrectly validated or sanitized certain\nURIs or HTTP methods. A remote attacker could use this issue to inject\ninvalid characters and possibly perform header injection attacks. \n(CVE-2019-12387)\n\nIt was discovered that Twisted incorrectly verified XMPP TLS certificates. \nA remote attacker could possibly use this issue to perform a\nman-in-the-middle attack and obtain sensitive information. (CVE-2019-12855)\n\nIt was discovered that Twisted incorrectly handled HTTP/2 connections. A\nremote attacker could possibly use this issue to cause Twisted to hang or\nconsume resources, leading to a denial of service. This issue only affected\nUbuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514,\nCVE-2019-9515)\n\nJake Miller and ZeddYu Lu discovered that Twisted incorrectly handled\ncertain content-length headers. A remote attacker could possibly use this\nissue to perform HTTP request splitting attacks. (CVE-2020-10108,\nCVE-2020-10109)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n python-twisted 18.9.0-3ubuntu1.1\n python-twisted-bin 18.9.0-3ubuntu1.1\n python-twisted-web 18.9.0-3ubuntu1.1\n python3-twisted 18.9.0-3ubuntu1.1\n python3-twisted-bin 18.9.0-3ubuntu1.1\n\nUbuntu 18.04 LTS:\n python-twisted 17.9.0-2ubuntu0.1\n python-twisted-bin 17.9.0-2ubuntu0.1\n python-twisted-web 17.9.0-2ubuntu0.1\n python3-twisted 17.9.0-2ubuntu0.1\n python3-twisted-bin 17.9.0-2ubuntu0.1\n\nUbuntu 16.04 LTS:\n python-twisted 16.0.0-1ubuntu0.4\n python-twisted-bin 16.0.0-1ubuntu0.4\n python-twisted-web 16.0.0-1ubuntu0.4\n python3-twisted 16.0.0-1ubuntu0.4\n\nIn general, a standard system update will make all the necessary changes. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0. Each of these container images includes gRPC,\nwhich has been updated with the below fixes. Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.z, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\n4. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9515"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160950"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155520"
},
{
"db": "PACKETSTORM",
"id": "155484"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "156830"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "154475"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9515",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-932",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155728",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155520",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155484",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156830",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154222",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156628",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4533",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3325",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0994",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3114",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3227",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4484",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160950",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155480",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154475",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160950"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155520"
},
{
"db": "PACKETSTORM",
"id": "155484"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "156830"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "154475"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-932"
},
{
"db": "NVD",
"id": "CVE-2019-9515"
}
]
},
"id": "VAR-201908-0265",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160950"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T23:11:32.559000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96616"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-932"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160950"
},
{
"db": "NVD",
"id": "CVE-2019-9515"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4045"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4352"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4040"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4041"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4042"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2766"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/43"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/18"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2796"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2861"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0727"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k50233772?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210436"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109787"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108515"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109775"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0994/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3227/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1071852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156830/ubuntu-security-notice-usn-4308-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3325/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154222/debian-security-advisory-4508-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4533/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k50233772?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14837"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/trafficserver"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4308-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10109"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/twisted/17.9.0-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/twisted/16.0.0-1ubuntu0.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12387"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/twisted/18.9.0-3ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160950"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155520"
},
{
"db": "PACKETSTORM",
"id": "155484"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "156830"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "154475"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-932"
},
{
"db": "NVD",
"id": "CVE-2019-9515"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160950",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155728",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155480",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155520",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155484",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154430",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156830",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154475",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-932",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9515",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160950",
"ident": null
},
{
"date": "2019-12-19T22:07:40",
"db": "PACKETSTORM",
"id": "155728",
"ident": null
},
{
"date": "2019-11-15T16:16:10",
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"date": "2019-11-27T15:38:24",
"db": "PACKETSTORM",
"id": "155480",
"ident": null
},
{
"date": "2019-12-02T19:20:27",
"db": "PACKETSTORM",
"id": "155520",
"ident": null
},
{
"date": "2019-11-27T15:43:14",
"db": "PACKETSTORM",
"id": "155484",
"ident": null
},
{
"date": "2019-09-10T23:12:17",
"db": "PACKETSTORM",
"id": "154430",
"ident": null
},
{
"date": "2020-03-19T22:01:01",
"db": "PACKETSTORM",
"id": "156830",
"ident": null
},
{
"date": "2020-06-16T00:54:44",
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"date": "2019-09-12T20:40:57",
"db": "PACKETSTORM",
"id": "154475",
"ident": null
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-932",
"ident": null
},
{
"date": "2019-08-13T21:15:12.520000",
"db": "NVD",
"id": "CVE-2019-9515",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160950",
"ident": null
},
{
"date": "2022-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-932",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9515",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "156830"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-932"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-932"
}
],
"trust": 0.6
}
}
VAR-201908-0261
Vulnerability from variot - Updated: 2026-03-09 23:05Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
The References section of this erratum contains a download link (you must log in to download the update). The purpose of this text-only errata is to inform you about the security issues fixed in this release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nodejs8-nodejs security update Advisory ID: RHSA-2019:2955-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2955 Issue date: 2019-10-02 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 ==================================================================== 1. Summary:
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1).
Security Fix(es):
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
-
HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm
aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm
noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm
ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm
s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm
aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm
noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm
ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm
s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm
x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm
noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm
ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm
s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm
x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm
noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm
ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm
s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm
x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm
noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm
ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm
s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm
x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm
noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm
x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZSz+NzjgjWX9erEAQhrnQ//YWmbjNrYsOnrqBPWZDBil0Basr6JUpEe YoTqouv9A7gkpSoYLoCRE0E3tsTxHlQwJR91vlr/dPEtHbsF52YEGrumAQCK4H6b nEhOj2pH9UG+FcPUBkyHzNQXcWYLZ9vaxVCW4gUpxm0QggyigAOdIImlZkTGgcrI mWReipMFC8hBARJU/vQ0bCCj6LfOYnx4h2pu6Jzy+vkeVJDoCNAxGT5FwfaMZTUy T0y8dpzWSq/vg2Xd3JaYnoh70a8k62kEMH3VmCBNNU3aiMiXBeBMlS1i/q00IOJ+ fy/1STMJGt1tj6xfYNsZY5E+CPVm0ZvVlKfRi8DpxPWXI48a712XZ/XONYb2jDnt pmkNM62ZdjZahQwXyC+y8havivg7LcEzxV0G2yfkNIqM33Zplz0h4BOCmLuT4I84 BMylBIrODsw70uWbc1DcPsF8vhmxryGfNNQ9FCk+jH52lRi3YnWkhRBThY+rpAqZ qmfTb4m2kD0s45q85Xv87N9F2tZJjhfYQ0U2LyHkbQov0CFkNu4YcElKMclBvvvc lzostLzxOJYt/l3qgXp+RlQNnlQG/jsFrEmmhskjzFJ8a9fhtBWNFxMcQ+SDBrUK HSNNzBwQhHam6OPCqpyWYvFT/bRbHucyMI6pGZmpc+MQ5cMAjP1A0incXot30UDD wV7rh6lCkE8=S8e1 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.
For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8 TjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM msNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur wrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W JwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo h0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF SnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp a0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO 2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR XVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH SAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh 3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM -----END PGP SIGNATURE----- . Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.3 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0
SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:
SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion Description: This issue was addressed with improved buffer size management. CVE-2019-9512: Jonathan Looney of Netflix CVE-2019-9514: Jonathan Looney of Netflix CVE-2019-9515: Jonathan Looney of Netflix CVE-2019-9516: Jonathan Looney of Netflix
SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns Description: This issue was addressed with improved input validation. CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team
Installation note:
SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
],
"trust": 1.3
},
"cve": "CVE-2019-9518",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9518",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160953",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9518",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9518",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-940",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160953",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nodejs8-nodejs security update\nAdvisory ID: RHSA-2019:2955-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2955\nIssue date: 2019-10-02\nCVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513\n CVE-2019-9514 CVE-2019-9515 CVE-2019-9516\n CVE-2019-9517 CVE-2019-9518\n====================================================================\n1. Summary:\n\nAn update for rh-nodejs8-nodejs is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\naarch64:\nrh-nodejs8-3.0-5.el7.aarch64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm\nrh-nodejs8-runtime-3.0-5.el7.aarch64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\naarch64:\nrh-nodejs8-3.0-5.el7.aarch64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm\nrh-nodejs8-runtime-3.0-5.el7.aarch64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZSz+NzjgjWX9erEAQhrnQ//YWmbjNrYsOnrqBPWZDBil0Basr6JUpEe\nYoTqouv9A7gkpSoYLoCRE0E3tsTxHlQwJR91vlr/dPEtHbsF52YEGrumAQCK4H6b\nnEhOj2pH9UG+FcPUBkyHzNQXcWYLZ9vaxVCW4gUpxm0QggyigAOdIImlZkTGgcrI\nmWReipMFC8hBARJU/vQ0bCCj6LfOYnx4h2pu6Jzy+vkeVJDoCNAxGT5FwfaMZTUy\nT0y8dpzWSq/vg2Xd3JaYnoh70a8k62kEMH3VmCBNNU3aiMiXBeBMlS1i/q00IOJ+\nfy/1STMJGt1tj6xfYNsZY5E+CPVm0ZvVlKfRi8DpxPWXI48a712XZ/XONYb2jDnt\npmkNM62ZdjZahQwXyC+y8havivg7LcEzxV0G2yfkNIqM33Zplz0h4BOCmLuT4I84\nBMylBIrODsw70uWbc1DcPsF8vhmxryGfNNQ9FCk+jH52lRi3YnWkhRBThY+rpAqZ\nqmfTb4m2kD0s45q85Xv87N9F2tZJjhfYQ0U2LyHkbQov0CFkNu4YcElKMclBvvvc\nlzostLzxOJYt/l3qgXp+RlQNnlQG/jsFrEmmhskjzFJ8a9fhtBWNFxMcQ+SDBrUK\nHSNNzBwQhHam6OPCqpyWYvFT/bRbHucyMI6pGZmpc+MQ5cMAjP1A0incXot30UDD\nwV7rh6lCkE8=S8e1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe fixes are too intrusive to backport to the version in the oldstable\ndistribution (stretch). An upgrade to Debian stable (buster) is\nrecommended instead. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 8.0.2+ds-1+deb10u1. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8\nTjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM\nmsNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur\nwrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W\nJwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo\nh0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF\nSnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp\na0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO\n2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR\nXVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH\nSAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh\n3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0\n\nSwiftNIO HTTP/2 1.5.0 is now available and addresses the following:\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume unbounded amounts of memory when\nreceiving certain traffic patterns and eventually suffer resource\nexhaustion\nDescription: This issue was addressed with improved buffer size\nmanagement. \nCVE-2019-9512: Jonathan Looney of Netflix\nCVE-2019-9514: Jonathan Looney of Netflix\nCVE-2019-9515: Jonathan Looney of Netflix\nCVE-2019-9516: Jonathan Looney of Netflix\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume excessive CPU resources when\nreceiving certain traffic patterns\nDescription: This issue was addressed with improved input validation. \nCVE-2019-9518: Piotr Sikora of Google, Envoy Security Team\n\nInstallation note:\n\nSwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222 and\nhttps://github.com/apple/swift-nio-http2/releases/tag/1.5.0. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9518"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "154058"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9518",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155728",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156628",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3325",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3114",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43922",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160953",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154058",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "154058"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"id": "VAR-201908-0261",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160953"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T23:05:37.646000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=96623"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4352"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0727"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/18"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k46011592"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210436"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109787"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108515"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109775"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43922"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3325/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3412/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/trafficserver"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10212"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://github.com/apple/swift-nio-http2/releases/tag/1.5.0."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "154058"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160953",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155728",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154430",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156628",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154058",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156852",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9518",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160953",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2019-12-19T22:07:40",
"db": "PACKETSTORM",
"id": "155728",
"ident": null
},
{
"date": "2019-11-15T16:16:10",
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"date": "2019-09-10T23:12:17",
"db": "PACKETSTORM",
"id": "154430",
"ident": null
},
{
"date": "2020-03-05T14:41:17",
"db": "PACKETSTORM",
"id": "156628",
"ident": null
},
{
"date": "2019-08-14T22:22:22",
"db": "PACKETSTORM",
"id": "154058",
"ident": null
},
{
"date": "2020-03-23T15:57:42",
"db": "PACKETSTORM",
"id": "156852",
"ident": null
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-940",
"ident": null
},
{
"date": "2019-08-13T21:15:13.003000",
"db": "NVD",
"id": "CVE-2019-9518",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160953",
"ident": null
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-940",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9518",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
],
"trust": 0.6
}
}
VAR-201908-0422
Vulnerability from variot - Updated: 2026-03-09 20:06Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387).
All OpenShift Container Platform 3.10 users are advised to upgrade to these updated packages and images. Solution:
For OpenShift Container Platform 3.10 see the following documentation, which will be updated shortly for release 3.10.170, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r elease_notes.html
- Description:
Skydive is an open source real-time network topology and protocols analyzer. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update Advisory ID: RHSA-2019:4020-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:4020 Issue date: 2019-11-26 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-14838 CVE-2019-14843 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.2 for RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)
-
wildfly: wildfly-security-manager: security manager authorization bypass (CVE-2019-14843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1
- Package List:
Red Hat JBoss EAP 7.2 for RHEL 8:
Source: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el8eap.src.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el8eap.src.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el8eap.src.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el8eap.src.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el8eap.src.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el8eap.src.rpm
noarch: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el8eap.noarch.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el8eap.noarch.rpm eap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el8eap.x86_64.rpm eap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-14838 https://access.redhat.com/security/cve/CVE-2019-14843 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXd2ER9zjgjWX9erEAQi1nA//e/jdUS+GE7oei/yPvjlAKslkR7KbSyAi 4u4w9dQImFgMkxulKqE9r0Tap3ZsiWexVEEJdHBWX7EY84RfrriHRMC0AAxmDZxs jnWhtYQK9uERcWM5pa/ACwRAe218/204USjS8sLwRhWBOTnHVLHO53bPJiz+lG8o KPFuGHgzjVwKnfysJkK7em//Uf1IujwjUk2bE2VYdwhESvgH1KcMebjYTtr2uvS3 An9aAOwmBvUZhD2CSmZjDLVefTyFJBsG0+asLAdQzYQgLfHwYOpCdI3+vifUZ7Vq X1xeise2mgzJmYTsrbcrbeyeoZMCSfyiXzcJIVC165AxmPNVSELXDwi3Yd3NZma5 UTwYB8Wk69/hGEH4Qy6KQeOC0FdN8hqZxbd1zQauHCcBzOPIoQKUqM2iq8pdICI5 rz222ke6S/GGoUgl6zHHwd9/g/MQTZze+cj1KBsQpUQV04eIQkoUMkOJMX8m7J+z Oq2ZywqOwbpjQFFfU5A99OWivBaR2T+j1DZaKnlinCJy17Yw/rxUqBAcJEYal2jZ dG8i0ff5NZoG4kRr7yeYgxzGkwia4m7aSqP8vghhCWWc84wKb6TACjJqub8o6dnc Zvzldas6wdnUV8ewwv2iyIbO6juWjDa94o2H6jbVx16anlkepHVTdTHWJ85dUHIE K2lmfSkSJk0= =+f4c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The JBoss server process must be restarted for the update to take effect. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/):
KEYCLOAK-11815 - Tracker bug for the RH-SSO 7.3.5 release for RHEL6
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
-
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (10.16.3)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154458"
},
{
"db": "PACKETSTORM",
"id": "154525"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155024"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155517"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.8
},
"cve": "CVE-2019-9512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9512",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160947",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9512",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9512",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9512",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9512",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-925",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160947",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9512",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160947"
},
{
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain\nURIs or HTTP methods. A remote attacker could use this issue to inject\ninvalid characters and possibly perform header injection attacks. \n(CVE-2019-12387). \n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to these\nupdated packages and images. Solution:\n\nFor OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r\nelease_notes.html\n\n5. Description:\n\nSkydive is an open source real-time network topology and protocols\nanalyzer. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update\nAdvisory ID: RHSA-2019:4020-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:4020\nIssue date: 2019-11-26\nCVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 \n CVE-2019-9515 CVE-2019-14838 CVE-2019-14843 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.2 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.2.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* undertow: HTTP/2: large amount of data requests leads to denial of\nservice (CVE-2019-9511)\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory\ngrowth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* wildfly: wildfly-security-manager: security manager authorization bypass\n(CVE-2019-14843)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. Package List:\n\nRed Hat JBoss EAP 7.2 for RHEL 8:\n\nSource:\neap7-apache-cxf-3.2.10-1.redhat_00001.1.el8eap.src.rpm\neap7-byte-buddy-1.9.11-1.redhat_00002.1.el8eap.src.rpm\neap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el8eap.src.rpm\neap7-hal-console-3.0.17-2.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.13-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el8eap.src.rpm\neap7-picketbox-5.0.3-6.Final_redhat_00005.1.el8eap.src.rpm\neap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el8eap.src.rpm\neap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el8eap.src.rpm\neap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.26-2.SP3_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.2.5-4.GA_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.5-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-apache-cxf-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm\neap7-byte-buddy-1.9.11-1.redhat_00002.1.el8eap.noarch.rpm\neap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el8eap.noarch.rpm\neap7-hal-console-3.0.17-2.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-picketbox-5.0.3-6.Final_redhat_00005.1.el8eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el8eap.noarch.rpm\neap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm\neap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.26-2.SP3_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.5-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-14838\nhttps://access.redhat.com/security/cve/CVE-2019-14843\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXd2ER9zjgjWX9erEAQi1nA//e/jdUS+GE7oei/yPvjlAKslkR7KbSyAi\n4u4w9dQImFgMkxulKqE9r0Tap3ZsiWexVEEJdHBWX7EY84RfrriHRMC0AAxmDZxs\njnWhtYQK9uERcWM5pa/ACwRAe218/204USjS8sLwRhWBOTnHVLHO53bPJiz+lG8o\nKPFuGHgzjVwKnfysJkK7em//Uf1IujwjUk2bE2VYdwhESvgH1KcMebjYTtr2uvS3\nAn9aAOwmBvUZhD2CSmZjDLVefTyFJBsG0+asLAdQzYQgLfHwYOpCdI3+vifUZ7Vq\nX1xeise2mgzJmYTsrbcrbeyeoZMCSfyiXzcJIVC165AxmPNVSELXDwi3Yd3NZma5\nUTwYB8Wk69/hGEH4Qy6KQeOC0FdN8hqZxbd1zQauHCcBzOPIoQKUqM2iq8pdICI5\nrz222ke6S/GGoUgl6zHHwd9/g/MQTZze+cj1KBsQpUQV04eIQkoUMkOJMX8m7J+z\nOq2ZywqOwbpjQFFfU5A99OWivBaR2T+j1DZaKnlinCJy17Yw/rxUqBAcJEYal2jZ\ndG8i0ff5NZoG4kRr7yeYgxzGkwia4m7aSqP8vghhCWWc84wKb6TACjJqub8o6dnc\nZvzldas6wdnUV8ewwv2iyIbO6juWjDa94o2H6jbVx16anlkepHVTdTHWJ85dUHIE\nK2lmfSkSJk0=\n=+f4c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe JBoss server process must be restarted for the update to take effect. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11815 - Tracker bug for the RH-SSO 7.3.5 release for RHEL6\n\n7. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9512"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160947"
},
{
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"db": "PACKETSTORM",
"id": "154458"
},
{
"db": "PACKETSTORM",
"id": "154525"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155024"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155517"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2019-9512",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/08/20/1",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-925",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155396",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156209",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155705",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155728",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155484",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156628",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155520",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154135",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4533",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3152",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0994",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3114",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4697",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4484",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43919",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155024",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154525",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154888",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154396",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154222",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154475",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154638",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154058",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154425",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160947",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9512",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154458",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155479",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155480",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155517",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160947"
},
{
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"db": "PACKETSTORM",
"id": "154458"
},
{
"db": "PACKETSTORM",
"id": "154525"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155024"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155517"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"id": "VAR-201908-0422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160947"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:06:59.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96610"
},
{
"title": "Red Hat: Important: container-tools:1.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194273 - Security Advisory"
},
{
"title": "Red Hat: Important: go-toolset-1.11 and go-toolset-1.11-golang security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192682 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.11 HTTP/2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193906 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Container Platform 4.1 openshift RPM security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192661 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193245 - Security Advisory"
},
{
"title": "Red Hat: Important: go-toolset:rhel8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192726 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193265 - Security Advisory"
},
{
"title": "Red Hat: Important: containernetworking-plugins security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200406 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.20 golang security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193131 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192769 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: golang-1.13: CVE-2019-14809",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4f1284fb5317a7db524840483ee9db6f"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192690 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.18 gRPC security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192861 - Security Advisory"
},
{
"title": "Red Hat: Important: container-tools:rhel8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194269 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Enterprise 4.1.15 gRPC security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192766 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-9512",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9512"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194045 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194021 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.14 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192594 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194018 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7cb587dafb04d397dd392a7f09dec1d9"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84ba5eefbc1d57b08d1c61852a12e026"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1270",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1270"
},
{
"title": "Debian Security Advisories: DSA-4503-1 golang-1.11 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=99481074beb7ec3119ad722cad3dd9cc"
},
{
"title": "Debian Security Advisories: DSA-4508-1 h2o -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=728a827d177258876055a9107f821dfe"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194041 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9512"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194042 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194040 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194019 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194020 - Security Advisory"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4520-1 trafficserver -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3b21ecf9ab12cf6e0b56a2ef2ccf56b8"
},
{
"title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194352 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202565 - Security Advisory"
},
{
"title": "Apple: SwiftNIO HTTP/2 1.5.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=39f63f0751cdcda5bff86ad147e8e1d5"
},
{
"title": "Arch Linux Advisories: [ASA-201908-15] go: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-15"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-16] go-pie: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-16"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200727 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: twisted vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4308-1"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201445 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200922 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1272"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.5.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193892 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "metarget",
"trust": 0.1,
"url": "https://github.com/brant-ruan/metarget "
},
{
"title": "sec-daily-2019",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2019 "
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/http-bugs/147405/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160947"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"trust": 2.6,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.6,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:4040"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:4273"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:4352"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4041"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4042"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4045"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4269"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2690"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2796"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:3245"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/31"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/43"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/sep/18"
},
{
"trust": 1.8,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.8,
"url": "https://support.f5.com/csp/article/k98053339"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2594"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2661"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2682"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2726"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2766"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2769"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2861"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3131"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3265"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3906"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0406"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0727"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k98053339?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.7,
"url": "https://support.f5.com/csp/article/k98053339?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210436"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019:3905"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109787"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108515"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109775"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4368/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0994/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43919"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4697/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128279"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3152/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4324/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4533/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1168528"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14843"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k98053339?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/605641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11247"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160947"
},
{
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"db": "PACKETSTORM",
"id": "154458"
},
{
"db": "PACKETSTORM",
"id": "154525"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155024"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155517"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160947"
},
{
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"db": "PACKETSTORM",
"id": "154458"
},
{
"db": "PACKETSTORM",
"id": "154525"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155024"
},
{
"db": "PACKETSTORM",
"id": "155480"
},
{
"db": "PACKETSTORM",
"id": "155517"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
},
{
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160947"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"date": "2019-09-11T19:58:47",
"db": "PACKETSTORM",
"id": "154458"
},
{
"date": "2019-09-19T16:25:47",
"db": "PACKETSTORM",
"id": "154525"
},
{
"date": "2019-12-19T22:07:40",
"db": "PACKETSTORM",
"id": "155728"
},
{
"date": "2019-11-27T15:37:53",
"db": "PACKETSTORM",
"id": "155479"
},
{
"date": "2019-10-30T15:51:48",
"db": "PACKETSTORM",
"id": "155024"
},
{
"date": "2019-11-27T15:38:24",
"db": "PACKETSTORM",
"id": "155480"
},
{
"date": "2019-12-02T19:18:53",
"db": "PACKETSTORM",
"id": "155517"
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-925"
},
{
"date": "2019-08-13T21:15:12.287000",
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-160947"
},
{
"date": "2020-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9512"
},
{
"date": "2022-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-925"
},
{
"date": "2024-11-21T04:51:46.193000",
"db": "NVD",
"id": "CVE-2019-9512"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-925"
}
],
"trust": 0.6
}
}
VAR-201707-1309
Vulnerability from variot - Updated: 2025-04-20 20:24Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules.
For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5.
For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nginx packages.
Ubuntu Security Notice USN-3352-1 July 13, 2017
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1
Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: rh-nginx110-nginx security update Advisory ID: RHSA-2017:2538-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538 Issue date: 2017-08-28 CVE Names: CVE-2017-7529 =====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-7529 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT Rf+yBkpEe91OHNNto3rboqM= =rlDh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.13.0"
},
{
"model": "enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.2.3"
},
{
"model": "enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.1.1"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.13.2"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "puppet",
"version": "2016.4.7"
},
{
"model": "enterprise",
"scope": "gte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.2.1"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.12.1"
},
{
"model": "enterprise",
"scope": "gte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.11.12"
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "igor sysoev",
"version": null
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.13.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.13.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.13.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.9.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.8.55"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.8.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.7.69"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.13.3"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12.1"
}
],
"sources": [
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "99534"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7529",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7529",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115732",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7529",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7529",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7529",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7529",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-563",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115732",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7529",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. \nnginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules. \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your nginx packages. \n==========================================================================\nUbuntu Security Notice USN-3352-1\nJuly 13, 2017\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. A remote attacker could use this to expose\nsensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n nginx-common 1.10.3-1ubuntu3.1\n nginx-core 1.10.3-1ubuntu3.1\n nginx-extras 1.10.3-1ubuntu3.1\n nginx-full 1.10.3-1ubuntu3.1\n nginx-light 1.10.3-1ubuntu3.1\n\nUbuntu 16.10:\n nginx-common 1.10.1-0ubuntu1.3\n nginx-core 1.10.1-0ubuntu1.3\n nginx-extras 1.10.1-0ubuntu1.3\n nginx-full 1.10.1-0ubuntu1.3\n nginx-light 1.10.1-0ubuntu1.3\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.2\n nginx-core 1.10.3-0ubuntu0.16.04.2\n nginx-extras 1.10.3-0ubuntu0.16.04.2\n nginx-full 1.10.3-0ubuntu0.16.04.2\n nginx-light 1.10.3-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.8\n nginx-core 1.4.6-1ubuntu3.8\n nginx-extras 1.4.6-1ubuntu3.8\n nginx-full 1.4.6-1ubuntu3.8\n nginx-light 1.4.6-1ubuntu3.8\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2017:2538-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2538\nIssue date: 2017-08-28\nCVE Names: CVE-2017-7529 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and\nlow memory usage. A remote attacker could possibly\nexploit this flaw to disclose parts of the cache file header, or, if used\nin combination with third party modules, disclose potentially sensitive\nmemory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7529\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT\nRf+yBkpEe91OHNNto3rboqM=\n=rlDh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-115732",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7529",
"trust": 3.3
},
{
"db": "BID",
"id": "99534",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039238",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1701",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143935",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143348",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143347",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-96273",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-115732",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7529",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"id": "VAR-201707-1309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T20:24:47.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-7529",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"title": "Nginx range filter Fixes for module digital error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=71698"
},
{
"title": "Ubuntu Security Notice: nginx vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3352-1"
},
{
"title": "Debian Security Advisories: DSA-3908-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=704f48ff7bd09792912d23527ab54543"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a0f173670cb05b0faed5127f8a0445b1"
},
{
"title": "Amazon Linux AMI: ALAS-2017-894",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-894"
},
{
"title": "Red Hat: CVE-2017-7529",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-7529"
},
{
"title": "Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201707-12"
},
{
"title": "Arch Linux Advisories: [ASA-201707-11] nginx: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201707-11"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-7529"
},
{
"title": "nginxpwner",
"trust": 0.1,
"url": "https://github.com/stark0de/nginxpwner "
},
{
"title": "cve-2017-7529",
"trust": 0.1,
"url": "https://github.com/cved-sources/cve-2017-7529 "
},
{
"title": "nginx-CVE-2017-7529",
"trust": 0.1,
"url": "https://github.com/cyberharsh/nginx-CVE-2017-7529 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2538"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99534"
},
{
"trust": 1.7,
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039238"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1701/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://nginx.org/#2017-07-11"
},
{
"trust": 0.3,
"url": "http://nginx.org/en/security_advisories.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3352-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-115732"
},
{
"date": "2017-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99534"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"date": "2017-07-14T02:16:01",
"db": "PACKETSTORM",
"id": "143348"
},
{
"date": "2017-07-14T02:15:51",
"db": "PACKETSTORM",
"id": "143347"
},
{
"date": "2017-08-28T21:24:00",
"db": "PACKETSTORM",
"id": "143935"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2017-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"date": "2017-07-13T13:29:00.220000",
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-115732"
},
{
"date": "2022-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99534"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nginx of range filter Module integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
}
],
"trust": 0.6
}
}
VAR-201404-0682
Vulnerability from variot - Updated: 2025-04-13 23:18The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "eq",
"trust": 1.4,
"vendor": "igor sysoev",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.5.10"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.5.11"
}
],
"sources": [
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Molas",
"sources": [
{
"db": "BID",
"id": "67507"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0088",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0088",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67581",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0088",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0088",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-67581",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0088",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. \nAn attacker can exploit this issue to execute arbitrary code in the context of the affected application. \nnginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0088",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1030150",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576",
"trust": 0.7
},
{
"db": "BID",
"id": "67507",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-67581",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0088",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"id": "VAR-201404-0682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:23.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2014-0088",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
},
{
"title": "nginx-1.5.11",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49670"
},
{
"title": "nginx-1.5.11",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49669"
},
{
"title": "Red Hat: CVE-2014-0088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0088"
},
{
"title": "usn-search",
"trust": 0.1,
"url": "https://github.com/lukeber4/usn-search "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aravindb26/new.txt "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1030150"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0088"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0088"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-67581"
},
{
"date": "2014-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"date": "2014-03-04T00:00:00",
"db": "BID",
"id": "67507"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"date": "2014-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"date": "2014-04-29T14:38:49.920000",
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-67581"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"date": "2014-03-04T00:00:00",
"db": "BID",
"id": "67507"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of ngx_http_spdy_module Module SPDY Vulnerabilities in arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
}
],
"trust": 0.6
}
}
VAR-201412-0611
Vulnerability from variot - Updated: 2025-04-13 23:10nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. nginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy3.
For the testing distribution (jessie), this problem has been fixed in version 1.6.2-1.
For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC GjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd W0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI rXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I vVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV 4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf YbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2 zt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf 3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c mBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N xzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr dGeskBuPPhZC1qYrJkyI =XURr -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2351-1 September 22, 2014
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.1 nginx-extras 1.4.6-1ubuntu3.1 nginx-full 1.4.6-1ubuntu3.1 nginx-light 1.4.6-1ubuntu3.1 nginx-naxsi 1.4.6-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2351-1 CVE-2014-3616
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-06
http://security.gentoo.org/
Severity: Normal Title: nginx: Information disclosure Date: February 07, 2015 Bugs: #522994 ID: 201502-06
Synopsis
An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.7.6"
References
[ 1 ] CVE-2014-3616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.5.6 to 1.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.13"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.40"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.35"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.33"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.66"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.65"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.64"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.39"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.19"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.15"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antoine Delignat-Lavaud and Karthikeyan Bhargavan",
"sources": [
{
"db": "BID",
"id": "70025"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3616",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-71556",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3616",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3616",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1268",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71556",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. \nAn attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. \nnginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy3. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.6.2-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC\nGjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd\nW0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI\nrXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I\nvVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV\n4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf\nYbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2\nzt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf\n3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c\nmBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N\nxzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr\ndGeskBuPPhZC1qYrJkyI\n=XURr\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2351-1\nSeptember 22, 2014\n\nnginx vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.1\n nginx-extras 1.4.6-1ubuntu3.1\n nginx-full 1.4.6-1ubuntu3.1\n nginx-light 1.4.6-1ubuntu3.1\n nginx-naxsi 1.4.6-1ubuntu3.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2351-1\n CVE-2014-3616\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Information disclosure\n Date: February 07, 2015\n Bugs: #522994\n ID: 201502-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nAn SSL session fixation vulnerability in nginx may allow remote\nattackers to obtain sensitive information. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.7.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3616\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71556",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3616",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268",
"trust": 0.7
},
{
"db": "BID",
"id": "70025",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "128332",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130278",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128328",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89321",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-71556",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131099",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"id": "VAR-201412-0611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:10:04.651000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3029",
"trust": 0.8,
"url": "http://www.debian.org/security/2014/dsa-3029"
},
{
"title": "CVE-2014-3616",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
},
{
"title": "nginx-1.7.5",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=55253"
},
{
"title": "nginx-1.7.5",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=55252"
},
{
"title": "Ubuntu Security Notice: nginx vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2351-1"
},
{
"title": "Debian Security Advisories: DSA-3029-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3dd41a089230b0ac4671d1b4ec4d3881"
},
{
"title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b"
},
{
"title": "Amazon Linux AMI: ALAS-2014-421",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-421"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.debian.org/security/2014/dsa-3029"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3616"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/613.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2351-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/70025"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2351-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201502-06.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3616"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0136.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-71556"
},
{
"date": "2014-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"date": "2014-08-06T00:00:00",
"db": "BID",
"id": "70025"
},
{
"date": "2014-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"date": "2014-09-22T20:19:12",
"db": "PACKETSTORM",
"id": "128332"
},
{
"date": "2014-09-22T20:18:28",
"db": "PACKETSTORM",
"id": "128328"
},
{
"date": "2015-02-09T17:00:47",
"db": "PACKETSTORM",
"id": "130278"
},
{
"date": "2015-03-30T21:26:01",
"db": "PACKETSTORM",
"id": "131099"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"date": "2014-12-08T11:59:03.390000",
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71556"
},
{
"date": "2020-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"date": "2015-04-13T21:39:00",
"db": "BID",
"id": "70025"
},
{
"date": "2014-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx In Virtual Host Confusion Attacked vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
],
"trust": 0.6
}
}
VAR-201403-0548
Vulnerability from variot - Updated: 2025-04-13 23:10Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. Successful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. nginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-20
http://security.gentoo.org/
Severity: Normal Title: nginx: Arbitrary code execution Date: June 22, 2014 Bugs: #505018 ID: 201406-20
Synopsis
A vulnerability has been found in nginx which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server. The SPDY implementation is not enabled in default configurations.
Workaround
Disable the spdy module in NGINX_MODULES_HTTP.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
References
[ 1 ] CVE-2014-0133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0 x8jC+tKifZWs8shTG2EYzgo= =oIRY -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opensuse",
"scope": "eq",
"trust": 1.4,
"vendor": "novell",
"version": "13.1"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.15"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:opensuse",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Molas",
"sources": [
{
"db": "BID",
"id": "66537"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0133",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0133",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67626",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-536",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-67626",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. \nnginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Arbitrary code execution\n Date: June 22, 2014\n Bugs: #505018\n ID: 201406-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in nginx which may allow execution of\narbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. The SPDY implementation is not enabled in default\nconfigurations. \n\nWorkaround\n==========\n\nDisable the spdy module in NGINX_MODULES_HTTP. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0133\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to reuse cached SSL sessions in unrelated contexts,\n allowing virtual host confusion attacks in some configurations by an\n attacker in a privileged network position (CVE-2014-3616). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0\nx8jC+tKifZWs8shTG2EYzgo=\n=oIRY\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0133"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0133",
"trust": 3.0
},
{
"db": "BID",
"id": "66537",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "127175",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131099",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-67626",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"id": "VAR-201403-0548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:10:04.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openSUSE-SU-2014:0450",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
},
{
"title": "CVE-2014-0133",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
},
{
"title": "nginx-1.4.7-3.9.1.x86_64",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48927"
},
{
"title": "nginx-1.4.7-3.9.1.src",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48926"
},
{
"title": "nginx-1.5.12",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48924"
},
{
"title": "nginx-1.4.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48923"
},
{
"title": "nginx-1.4.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48922"
},
{
"title": "nginx-1.5.12",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48925"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/66537"
},
{
"trust": 1.7,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0133"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-20.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0133"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0136.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-67626"
},
{
"date": "2014-03-18T00:00:00",
"db": "BID",
"id": "66537"
},
{
"date": "2014-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"date": "2014-06-24T00:56:14",
"db": "PACKETSTORM",
"id": "127175"
},
{
"date": "2015-03-30T21:26:01",
"db": "PACKETSTORM",
"id": "131099"
},
{
"date": "2014-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"date": "2014-03-28T15:55:08.607000",
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-67626"
},
{
"date": "2014-06-23T06:45:00",
"db": "BID",
"id": "66537"
},
{
"date": "2014-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of SPDY Implementation of heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
}
],
"trust": 0.6
}
}
VAR-201606-0476
Vulnerability from variot - Updated: 2025-04-13 21:51os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. nginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1. ========================================================================== Ubuntu Security Notice USN-2991-1 June 02, 2016
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
nginx could be made to crash if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: nginx-core 1.10.0-0ubuntu0.16.04.2 nginx-extras 1.10.0-0ubuntu0.16.04.2 nginx-full 1.10.0-0ubuntu0.16.04.2 nginx-light 1.10.0-0ubuntu0.16.04.2
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.2 nginx-extras 1.9.3-1ubuntu1.2 nginx-full 1.9.3-1ubuntu1.2 nginx-light 1.9.3-1ubuntu1.2
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.5 nginx-extras 1.4.6-1ubuntu3.5 nginx-full 1.4.6-1ubuntu3.5 nginx-light 1.4.6-1ubuntu3.5
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1). (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u2.
For the unstable distribution (sid), this problem has been fixed in version 1.10.1-1.
We recommend that you upgrade your nginx packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.10.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.11.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.11.1"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "16.04 lts"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "of 1.11.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.8.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.7.5"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.7.3"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.0.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.2"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"model": "aspera shares",
"scope": "ne",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.6"
},
{
"model": "aspera shares",
"scope": "ne",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.4"
}
],
"sources": [
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "90967"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4450",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-93269",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4450",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4450",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4450",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4450",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-010",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93269",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. \nnginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1. ==========================================================================\nUbuntu Security Notice USN-2991-1\nJune 02, 2016\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to crash if it received specially crafted network\ntraffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n nginx-core 1.10.0-0ubuntu0.16.04.2\n nginx-extras 1.10.0-0ubuntu0.16.04.2\n nginx-full 1.10.0-0ubuntu0.16.04.2\n nginx-light 1.10.0-0ubuntu0.16.04.2\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.2\n nginx-extras 1.9.3-1ubuntu1.2\n nginx-full 1.9.3-1ubuntu1.2\n nginx-light 1.9.3-1ubuntu1.2\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.5\n nginx-extras 1.4.6-1ubuntu3.5\n nginx-full 1.4.6-1ubuntu3.5\n nginx-light 1.4.6-1ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. An attacker able to manipulate DNS responses received by nginx\ncould use this flaw to cause a worker process to crash or, possibly,\nexecute arbitrary code if nginx enabled the resolver in its configuration. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. An attacker able to manipulate DNS responses received by nginx\ncould use this flaw to cause a worker process to use an excessive amount of\nresources if nginx enabled the resolver in its configuration. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1. \n\nWe recommend that you upgrade your nginx packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4450",
"trust": 3.2
},
{
"db": "BID",
"id": "90967",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036019",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1717",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "137286",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137296",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"id": "VAR-201606-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T21:51:37.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3592",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3592"
},
{
"title": "USN-2991-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2991-1/"
},
{
"title": "CVE-2016-4450",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
},
{
"title": "nginx Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=62036"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2991-1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/90967"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2016/dsa-3592"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036019"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4450"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4450"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1717/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-93269"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90967"
},
{
"date": "2016-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"date": "2016-06-02T16:24:00",
"db": "PACKETSTORM",
"id": "137296"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-06-01T23:31:23",
"db": "PACKETSTORM",
"id": "137286"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"date": "2016-06-07T14:06:14.200000",
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93269"
},
{
"date": "2016-10-26T00:19:00",
"db": "BID",
"id": "90967"
},
{
"date": "2016-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of os/unix/ngx_files.c Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
}
],
"trust": 0.6
}
}
VAR-201602-0392
Vulnerability from variot - Updated: 2025-04-13 20:55Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.x"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "42.1"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "82230"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0746",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0746",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-88256",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0746",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0746",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-0746",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-058",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-88256",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0746",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0746",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "BID",
"id": "82230",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-88256",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135684",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"id": "VAR-201602-0392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T20:55:52.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3473",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"title": "openSUSE-SU-2016:0371",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"title": "Bug 1302588",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588"
},
{
"title": "USN-2892-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2892-1/"
},
{
"title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
},
{
"title": "nginx resolver Remediation measures for reusing vulnerabilities after release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60055"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2892-1"
},
{
"title": "Red Hat: CVE-2016-0746",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0746"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-655",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-655"
},
{
"title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2892-1"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa115"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034869"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0746"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0746"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2892-1/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/82230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-88256"
},
{
"date": "2016-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"date": "2016-01-29T00:00:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"date": "2016-02-12T19:22:00",
"db": "PACKETSTORM",
"id": "135738"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-02-10T03:55:35",
"db": "PACKETSTORM",
"id": "135684"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"date": "2016-02-15T19:59:01.157000",
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88256"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"date": "2016-10-26T00:01:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
}
],
"trust": 0.6
}
}
VAR-201412-0610
Vulnerability from variot - Updated: 2025-04-13 19:56The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. Versions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04533567
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04533567 Version: 1
HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-01-10 Last Updated: 2015-01-10
Potential Security Impact: Remote disclosure of information, Denial of Service (DoS) and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities.
References:
CVE-2014-3556 - cryptographic issues (CWE-310) CVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399) CVE-2014-3568 - cryptographic issues (CWE-310) SSRT101779
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS - All versions prior to Version 1.4-495
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version 0.9.8zc and includes the latest security updates from OpenSSL.org.
HP has made the following patch kit available to resolve the vulnerabilities.
The HP SSL Version 1.4-495 for OpenVMS is available from the following locations:
OpenVMS HP SSL website: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
The HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page.
Go to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/
Login using your HP Passport account
Search for the Patch Kit Name from the table below
HP SSL Version OpenVMS Platform Patch Kit Name
V1.4-495 Alpha
OpenVMS V8.3, V8.4 HP-AXPVMS-SSL-V0104
V1.4-495 ITANIUM
OpenVMS V8.3, V8.3-1H1, V8.4 HP-I64VMS-SSL-V0104
HISTORY Version:1 (rev.1) - 10 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n Fj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX =ZBgU -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0610",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.4"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.x"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.7.x"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.6.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Boulton",
"sources": [
{
"db": "BID",
"id": "69111"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3556",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3556",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3556",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-095",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-71496",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. \nVersions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04533567\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04533567\nVersion: 1\n\nHPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information,\nDenial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-10\nLast Updated: 2015-01-10\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS) and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP SSL for\nOpenVMS. These vulnerabilities could be remotely exploited to create a remote\ndisclosure of information, Denial of Service, and other vulnerabilities. \n\nReferences:\n\nCVE-2014-3556 - cryptographic issues (CWE-310)\nCVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399)\nCVE-2014-3568 - cryptographic issues (CWE-310)\nSSRT101779\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS - All versions prior to Version 1.4-495\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version\n0.9.8zc and includes the latest security updates from OpenSSL.org. \n\nHP has made the following patch kit available to resolve the vulnerabilities. \n\nThe HP SSL Version 1.4-495 for OpenVMS is available from the following\nlocations:\n\nOpenVMS HP SSL website:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nThe HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha\nplatforms have been uploaded to HP Support Center website. Customers can\naccess the kits from Patch Management page. \n\nGo to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/\n\nLogin using your HP Passport account\n\nSearch for the Patch Kit Name from the table below\n\nHP SSL Version OpenVMS\n Platform\n Patch Kit Name\n\nV1.4-495\n Alpha\n\nOpenVMS V8.3, V8.4\n HP-AXPVMS-SSL-V0104\n\nV1.4-495\n ITANIUM\n\nOpenVMS V8.3, V8.3-1H1, V8.4\n HP-I64VMS-SSL-V0104\n\nHISTORY\nVersion:1 (rev.1) - 10 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n\nFj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX\n=ZBgU\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "PACKETSTORM",
"id": "129877"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71496",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3556",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095",
"trust": 0.7
},
{
"db": "BID",
"id": "69111",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "129877",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71496",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"id": "VAR-201412-0610",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:56:37.390000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBOV03227",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"title": "http://nginx.org/download/patch.2014.starttls.txt",
"trust": 0.8,
"url": "http://nginx.org/download/patch.2014.starttls.txt"
},
{
"title": "Bug 1126891",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891"
},
{
"title": "CVE-2014-3556",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
},
{
"title": "nginx-1.6.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53046"
},
{
"title": "nginx-1.7.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53049"
},
{
"title": "nginx-1.7.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53048"
},
{
"title": "nginx-1.6.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53047"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://nginx.org/download/patch.2014.starttls.txt"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891"
},
{
"trust": 1.7,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3556"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3556"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home/"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3556"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71496"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69111"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"date": "2015-01-12T17:14:20",
"db": "PACKETSTORM",
"id": "129877"
},
{
"date": "2014-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"date": "2014-12-29T20:59:03.943000",
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71496"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69111"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of SMTP proxy of mail/ngx_mail_smtp_handler.c of STARTTLS Encrypted in implementation SMTP Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
}
],
"trust": 0.6
}
}
VAR-201602-0393
Vulnerability from variot - Updated: 2025-04-13 19:41The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.4,
"vendor": "novell",
"version": "42.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.x"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "1.2"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "82230"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0742",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-88252",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0742",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0742",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0742",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-057",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88252",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-0742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0742",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "BID",
"id": "82230",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135684",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135738",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-88252",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"id": "VAR-201602-0393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:41:48.713000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3473",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"title": "openSUSE-SU-2016:0371",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"title": "Bug 1302587",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"
},
{
"title": "USN-2892-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2892-1/"
},
{
"title": "nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
},
{
"title": "nginx resolver Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60054"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2892-1"
},
{
"title": "Red Hat: CVE-2016-0742",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0742"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-655",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-655"
},
{
"title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2892-1"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa115"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034869"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0742"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0742"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2892-1/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/82230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-88252"
},
{
"date": "2016-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"date": "2016-01-29T00:00:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"date": "2016-02-12T19:22:00",
"db": "PACKETSTORM",
"id": "135738"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-02-10T03:55:35",
"db": "PACKETSTORM",
"id": "135684"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"date": "2016-02-15T19:59:00.107000",
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88252"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"date": "2016-10-26T00:01:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
}
],
"trust": 0.6
}
}
VAR-201602-0391
Vulnerability from variot - Updated: 2025-04-13 19:38The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.4,
"vendor": "novell",
"version": "42.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "82230"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0747",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0747",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-88257",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0747",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0747",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-0747",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-059",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-88257",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-0747",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. A remote attacker could\nsend a specially crafted request that would cause nginx worker process to\ncrash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0747",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "BID",
"id": "82230",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-88257",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135684",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"id": "VAR-201602-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:38:16.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3473",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"title": "openSUSE-SU-2016:0371",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"title": "Bug 1302589",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
},
{
"title": "USN-2892-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2892-1/"
},
{
"title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
},
{
"title": "nginx resolver Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60056"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2892-1"
},
{
"title": "Red Hat: CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0747"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-655",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-655"
},
{
"title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2892-1"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa115"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034869"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0747"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0747"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2892-1/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/82230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-88257"
},
{
"date": "2016-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"date": "2016-01-29T00:00:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"date": "2016-02-12T19:22:00",
"db": "PACKETSTORM",
"id": "135738"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-02-10T03:55:35",
"db": "PACKETSTORM",
"id": "135684"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"date": "2016-02-15T19:59:02.123000",
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88257"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"date": "2016-10-26T00:01:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
}
],
"trust": 0.6
}
}
VAR-201006-0492
Vulnerability from variot - Updated: 2025-04-11 22:54nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.67"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.40"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.52"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "0.8.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.36"
}
],
"sources": [
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78928"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2266",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-44871",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2266",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2266",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-226",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44871",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the \"%c0.%c0.\" sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2266"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "VULHUB",
"id": "VHN-44871"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-44871",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2266",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "13818",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226",
"trust": 0.7
},
{
"db": "BID",
"id": "78928",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-88008",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-88038",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-44871",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"id": "VAR-201006-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:54:13.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.exploit-db.com/exploits/13818/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2266"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2266"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-44871"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "78928"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"date": "2010-06-15T14:04:24.420000",
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-44871"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "78928"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
}
],
"trust": 0.6
}
}
VAR-201006-0493
Vulnerability from variot - Updated: 2025-04-11 22:54nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0493",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.66"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.39"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.52"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7.66"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.40"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.20"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.35"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.33"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.65"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.64"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.41"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.66"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr_IDE Jose Antonio Vazquez Gonzalez",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
],
"trust": 0.6
},
"cve": "CVE-2010-2263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2263",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2263",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2263",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-224",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. \nnginx 0.8.36 for Windows is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2263"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2263",
"trust": 2.7
},
{
"db": "BID",
"id": "40760",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "13822",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "13818",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-1094",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"id": "VAR-201006-0493",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
}
]
},
"last_update_date": "2025-04-11T22:54:13.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/"
},
{
"title": "Nginx remote source code leak and denial of service patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/454"
},
{
"title": "Vulnerabilities with Windows file default stream",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=3683"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/13822"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/40760"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/13818"
},
{
"trust": 1.6,
"url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2263"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2263"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/40760/"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"date": "2010-06-11T00:00:00",
"db": "BID",
"id": "40760"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"date": "2010-06-15T14:04:24.313000",
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "40760"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerabilities in which source code is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
],
"trust": 0.6
}
}
VAR-201307-0483
Vulnerability from variot - Updated: 2025-04-11 22:02The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the 'ngx_http_parse_chunked' function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . From: Maxim Dounin mdounin at mdounin.ru Tue May 7 11:30:26 UTC 2013
Hello!
Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx.
Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt
As a temporary workaround the following configuration can be used in each server{} block:
if ($http_transfer_encoding ~* chunked) {
return 444;
}
-- Maxim Dounin http://nginx.org/en/donation.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.3.9 to 1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.4.4"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.3.9"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.5.7"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.4.1"
}
],
"sources": [
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Greg MacManus of iSIGHT Partners Labs",
"sources": [
{
"db": "BID",
"id": "59699"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-2028",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-62030",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2028",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2028",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201305-143",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-62030",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-2028",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nThe issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the \u0027ngx_http_parse_chunked\u0027 function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. Furthermore, a\ncontext-dependent attacker may be able to obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. From: Maxim Dounin mdounin at mdounin.ru\nTue May 7 11:30:26 UTC 2013\n\nHello!\n\nGreg MacManus, of iSIGHT Partners Labs, found a security problem\nin several recent versions of nginx. \n\nPatch for the problem can be found here:\n\nhttp://nginx.org/download/patch.2013.chunked.txt\n\nAs a temporary workaround the following configuration\ncan be used in each server{} block:\n\n if ($http_transfer_encoding ~* chunked) {\n return 444;\n }\n\n\n-- \nMaxim Dounin\nhttp://nginx.org/en/donation.html\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25499",
"trust": 0.4,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-62030",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2028",
"trust": 3.1
},
{
"db": "BID",
"id": "59699",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "121675",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "55181",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "93037",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "121560",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "25499",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "125758",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122477",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "26737",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "25775",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "32277",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-85572",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-79430",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-79160",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-80363",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-62030",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-2028",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123516",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"id": "VAR-201307-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:02:02.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GLSA 201310-04",
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/ja/"
},
{
"title": "CVE-2013-2028",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
},
{
"title": "nginx \u0027ngx_http_parse.c\u0027 Repair measures for stack buffer error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=134168"
},
{
"title": "nginxpwn",
"trust": 0.1,
"url": "https://github.com/kitctf/nginxpwn "
},
{
"title": "hack4career",
"trust": 0.1,
"url": "https://github.com/mertsarica/hack4career "
},
{
"title": "docker-cve-2013-2028",
"trust": 0.1,
"url": "https://github.com/mambroziak/docker-cve-2013-2028 "
},
{
"title": "nginx-1.4.0",
"trust": 0.1,
"url": "https://github.com/danghvu/nginx-1.4.0 "
},
{
"title": "zeus-software-security",
"trust": 0.1,
"url": "https://github.com/alexgeunholee/zeus-software-security "
},
{
"title": "nginxhack",
"trust": 0.1,
"url": "https://github.com/jptr218/nginxhack "
},
{
"title": "non-controlflow-hijacking-datasets",
"trust": 0.1,
"url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets "
},
{
"title": "exploit-development-case-studies",
"trust": 0.1,
"url": "https://github.com/dyjakan/exploit-development-case-studies "
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/LinuxFlaw "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-189",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/59699"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"trust": 1.9,
"url": "http://nginx.org/download/patch.2013.chunked.txt"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105176.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/121675/nginx-1.3.9-1.4.0-denial-of-service.html"
},
{
"trust": 1.8,
"url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/"
},
{
"trust": 1.8,
"url": "https://github.com/rapid7/metasploit-framework/pull/1834"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/93037"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55181"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2028"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2028"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://int3pids.blogspot.com.es/2013/07/nginx-reliable-explotation-through.html"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2013/q2/290"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/kitctf/nginxpwn"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/25499/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070"
},
{
"trust": 0.1,
"url": "http://nginx.org/en/donation.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-62030"
},
{
"date": "2013-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"date": "2013-05-07T00:00:00",
"db": "BID",
"id": "59699"
},
{
"date": "2013-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"date": "2013-10-07T22:29:42",
"db": "PACKETSTORM",
"id": "123516"
},
{
"date": "2013-05-08T02:43:02",
"db": "PACKETSTORM",
"id": "121560"
},
{
"date": "2013-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"date": "2013-07-20T03:37:20.730000",
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-62030"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"date": "2015-04-13T21:40:00",
"db": "BID",
"id": "59699"
},
{
"date": "2013-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
],
"trust": 0.6
}
}
VAR-201112-0347
Vulnerability from variot - Updated: 2025-04-11 20:17Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: nginx DNS Response Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46798
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
RELEASE DATE: 2011-11-17
DISCUSS ADVISORY: http://secunia.com/advisories/46798/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46798/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code but requires that the custom DNS resolver is enabled (disabled by default).
SOLUTION: Update to version 1.0.10.
PROVIDED AND/OR DISCOVERED BY: Ben Hawkes
ORIGINAL ADVISORY: nginx: http://nginx.org/en/CHANGES-1.0
Ben Hawkes: http://www.openwall.com/lists/oss-security/2011/11/17/8
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webyast",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "1.2"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "1.2"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "16"
},
{
"model": "studio",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.2"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.0.9"
},
{
"model": "studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.41"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.35"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.33"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.66"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.65"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.64"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.39"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.37"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
}
],
"sources": [
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben Hawkes",
"sources": [
{
"db": "BID",
"id": "50710"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4315",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-52260",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4315",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4315",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-315",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52260",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nnginx DNS Response Handling Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46798\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46798/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nRELEASE DATE:\n2011-11-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46798/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46798/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in nginx, which can be exploited by\nmalicious people to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code but\nrequires that the custom DNS resolver is enabled (disabled by\ndefault). \n\nSOLUTION:\nUpdate to version 1.0.10. \n\nPROVIDED AND/OR DISCOVERED BY:\nBen Hawkes\n\nORIGINAL ADVISORY:\nnginx:\nhttp://nginx.org/en/CHANGES-1.0\n\nBen Hawkes:\nhttp://www.openwall.com/lists/oss-security/2011/11/17/8\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4315"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4315",
"trust": 2.9
},
{
"db": "BID",
"id": "50710",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/11/17/8",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "47097",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/11/17/10",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "46798",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111263",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"id": "VAR-201112-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T20:17:54.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CHANGES-1.0",
"trust": 0.8,
"url": "http://www.nginx.org/en/CHANGES-1.0"
},
{
"title": "4268 (nginx)",
"trust": 0.8,
"url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
},
{
"title": "nginx-1.0.10",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42000"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/47097"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/50710"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-december/070569.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
},
{
"trust": 1.7,
"url": "http://openwall.com/lists/oss-security/2011/11/17/8"
},
{
"trust": 1.7,
"url": "http://openwall.com/lists/oss-security/2011/11/17/10"
},
{
"trust": 1.7,
"url": "http://www.nginx.org/en/changes-1.0"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4315"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4315"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://www.nginx.org/en/changes"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47097"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47097/"
},
{
"trust": 0.1,
"url": "https://hermes.opensuse.org/messages/12768388"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47097/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2011/11/17/8"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46798/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46798/#comments"
},
{
"trust": 0.1,
"url": "http://nginx.org/en/changes-1.0"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/#comments"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52260"
},
{
"date": "2011-11-17T00:00:00",
"db": "BID",
"id": "50710"
},
{
"date": "2011-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"date": "2012-03-29T02:37:12",
"db": "PACKETSTORM",
"id": "111273"
},
{
"date": "2011-12-06T04:14:38",
"db": "PACKETSTORM",
"id": "107566"
},
{
"date": "2011-11-17T02:29:24",
"db": "PACKETSTORM",
"id": "107076"
},
{
"date": "2012-03-28T06:36:19",
"db": "PACKETSTORM",
"id": "111263"
},
{
"date": "2011-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"date": "2011-12-08T20:55:01",
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-52260"
},
{
"date": "2015-04-13T21:13:00",
"db": "BID",
"id": "50710"
},
{
"date": "2011-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
}
],
"trust": 0.6
}
}
VAR-200909-0576
Vulnerability from variot - Updated: 2025-04-10 23:12Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 0.7.62 >= 0.5.38 >= 0.6.39 >= 0.7.62
Description
Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.
Workaround
There is no known workaround at this time.
Resolution
All nginx 0.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38
All nginx 0.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39
All nginx 0.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62
References
[ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-18.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq
Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests.
For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.
For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.
We recommend that you upgrade your nginx packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0576",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.15"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.62"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.38"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.39"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
},
{
"model": "nginx",
"scope": "lte",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.1.0 from 0.5.37"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.6.39 earlier"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7.62 earlier"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.15 earlier"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.37"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.39"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.38"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Ries",
"sources": [
{
"db": "BID",
"id": "36384"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
}
],
"trust": 0.9
},
"cve": "CVE-2009-2629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-40075",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#180065",
"trust": 0.8,
"value": "4.22"
},
{
"author": "NVD",
"id": "CVE-2009-2629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-302",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-40075",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 0.7.62 *\u003e= 0.5.38\n *\u003e= 0.6.39\n \u003e= 0.7.62\n\nDescription\n===========\n\nChris Ries reported a heap-based buffer underflow in the\nngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\nparsing the request URI. NOTE: By default, nginx runs as the \"nginx\" user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx 0.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38\n\nAll nginx 0.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39\n\nAll nginx 0.7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62\n\nReferences\n==========\n\n [ 1 ] CVE-2009-2629\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200909-18.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSeptember 14th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. \n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2. \n\nFor the testing distribution (squeeze), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3. \n\n\nWe recommend that you upgrade your nginx packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\n Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\n Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\n Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\n Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\n Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\n Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\n Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\n Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\n Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\n Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\n Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\n Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\n Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\n Size/MD5 checksum: 185032 15212749985501b223af7888447fc433\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\n Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\n Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\n Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\n Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\n Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\n Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\n Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\n Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\n Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\n Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\n Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\n Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\n Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\n=Xrul\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2629"
},
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-40075",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40075"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180065",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2009-2629",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302",
"trust": 0.7
},
{
"db": "BID",
"id": "36384",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "81454",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "81284",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-87569",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-69732",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "14830",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-40075",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"id": "VAR-200909-0576",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40075"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:12:48.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.net/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/180065"
},
{
"trust": 2.5,
"url": "http://www.debian.org/security/2009/dsa-1884"
},
{
"trust": 2.0,
"url": "http://nginx.net/changes-0.5"
},
{
"trust": 2.0,
"url": "http://nginx.net/changes-0.6"
},
{
"trust": 2.0,
"url": "http://nginx.net/changes-0.7"
},
{
"trust": 1.7,
"url": "http://sysoev.ru/nginx/patch.180065.txt"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.4,
"url": "http://nginx.net/changes"
},
{
"trust": 0.9,
"url": "http://security.gentoo.org/glsa/glsa-200909-18.xml"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu180065/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2629"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#180065"
},
{
"date": "2009-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-40075"
},
{
"date": "2009-09-14T00:00:00",
"db": "BID",
"id": "36384"
},
{
"date": "2009-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"date": "2009-09-19T16:50:46",
"db": "PACKETSTORM",
"id": "81454"
},
{
"date": "2009-09-15T04:05:55",
"db": "PACKETSTORM",
"id": "81284"
},
{
"date": "2009-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"date": "2009-09-15T22:30:00.233000",
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180065"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-40075"
},
{
"date": "2015-05-07T17:02:00",
"db": "BID",
"id": "36384"
},
{
"date": "2009-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
}
],
"trust": 0.6
}
}
VAR-200911-0310
Vulnerability from variot - Updated: 2025-04-10 21:31src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DISCUSS ADVISORY: http://secunia.com/advisories/48577/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48577/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later.
ORIGINAL ADVISORY: GLSA 201203-22: http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200911-0310",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.59"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.47"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.51"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.40"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.58"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.60"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.49"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.40"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.46"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.53"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.52"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.57"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.54"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.50"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.60"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.52"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.55"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.56"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.40"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.47"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.51"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.46"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "nginx",
"version": "0.6.1516"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.61"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.48"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.53"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.56"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.50"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.61"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.54"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.55"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.49"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.58"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.48"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.59"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.57"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.1.0 to 0.4.14"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.6.x"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7.x"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.6.39"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.5.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.5.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7.62"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.49"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.48"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.46"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.47"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.50"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.3.11"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.37"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.4.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.4.13"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.4"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "36839"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jasson Bell",
"sources": [
{
"db": "BID",
"id": "36839"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3896",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-3896",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-41342",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3896",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3896",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200911-243",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-41342",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41342"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48577/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48577/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for nginx. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem. \n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later. \n\nORIGINAL ADVISORY:\nGLSA 201203-22:\nhttp://www.gentoo.org/security/en/glsa/glsa-201203-22.xml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3896"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "BID",
"id": "36839"
},
{
"db": "VULHUB",
"id": "VHN-41342"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3896",
"trust": 2.9
},
{
"db": "BID",
"id": "36839",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/6",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-87573",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41342",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111263",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41342"
},
{
"db": "BID",
"id": "36839"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"id": "VAR-200911-0310",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41342"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T21:31:00.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41342"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/36839"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2009/dsa-1920"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/6"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.7,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz"
},
{
"trust": 1.7,
"url": "http://sysoev.ru/nginx/patch.null.pointer.txt"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3896"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3896"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=nginx\u0026amp;m=125692080328141\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41342"
},
{
"db": "BID",
"id": "36839"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41342"
},
{
"db": "BID",
"id": "36839"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-41342"
},
{
"date": "2009-10-27T00:00:00",
"db": "BID",
"id": "36839"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"date": "2012-03-29T02:37:12",
"db": "PACKETSTORM",
"id": "111273"
},
{
"date": "2012-03-28T06:36:19",
"db": "PACKETSTORM",
"id": "111263"
},
{
"date": "2009-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"date": "2009-11-24T17:30:00.377000",
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-41342"
},
{
"date": "2015-04-13T20:25:00",
"db": "BID",
"id": "36839"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005107"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-243"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3896"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of src/http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005107"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-243"
}
],
"trust": 0.6
}
}
VAR-200911-0311
Vulnerability from variot - Updated: 2025-04-10 21:06Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. nginx of src/http/modules/ngx_http_dav_module.c Contains a directory traversal vulnerability.By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method .. The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory. These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: nginx WebDAV Directory Traversal Security Issue
SECUNIA ADVISORY ID: SA36818
VERIFY ADVISORY: http://secunia.com/advisories/36818/
DESCRIPTION: A security issue has been discovered in nginx, which can be exploited by malicious people to bypass certain security restrictions.
Successful exploitation requires that the server has been compiled with the http_dav_module and that the attacker is allowed to use the "MOVE" or "COPY" methods.
The security issue is reported in version 0.7.61 and confirmed in version 0.7.62.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Kingcope
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DISCUSS ADVISORY: http://secunia.com/advisories/48577/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48577/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Gentoo has issued an update for nginx.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200911-0311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.59"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.47"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.51"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.40"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.58"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.60"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.49"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.40"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.46"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.53"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.52"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.57"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.54"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.50"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.60"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.52"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.55"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.56"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.33"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.40"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.62"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.47"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.30"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.51"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.46"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "nginx",
"version": "0.6.1516"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.61"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.48"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.53"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.56"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.20"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.21"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.50"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.61"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.54"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.23"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.55"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.49"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.58"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.25"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.29"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.28"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.38"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.48"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.24"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.59"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.22"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.34"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.31"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.2.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.26"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.37"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "0.3.57"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.6.35"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.6.32"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "36490"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kingcope",
"sources": [
{
"db": "BID",
"id": "36490"
}
],
"trust": 0.3
},
"cve": "CVE-2009-3898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2009-3898",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-41344",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3898",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3898",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200911-245",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-41344",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41344"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. nginx of src/http/modules/ngx_http_dav_module.c Contains a directory traversal vulnerability.By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method .. The \u0027nginx\u0027 program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. \nAn attacker can exploit these issues using directory-traversal strings (\u0027../\u0027) to overwrite arbitrary files outside the root directory. \nThese issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nnginx WebDAV Directory Traversal Security Issue\n\nSECUNIA ADVISORY ID:\nSA36818\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36818/\n\nDESCRIPTION:\nA security issue has been discovered in nginx, which can be exploited\nby malicious people to bypass certain security restrictions. \n\nSuccessful exploitation requires that the server has been compiled\nwith the http_dav_module and that the attacker is allowed to use the\n\"MOVE\" or \"COPY\" methods. \n\nThe security issue is reported in version 0.7.61 and confirmed in\nversion 0.7.62. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48577/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48577/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for nginx. \n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3898"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "BID",
"id": "36490"
},
{
"db": "VULHUB",
"id": "VHN-41344"
},
{
"db": "PACKETSTORM",
"id": "81568"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41344",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41344"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3898",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "36818",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200911-245",
"trust": 0.7
},
{
"db": "BID",
"id": "36490",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-87572",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-66932",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9829",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111263",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41344"
},
{
"db": "BID",
"id": "36490"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "PACKETSTORM",
"id": "81568"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"id": "VAR-200911-0311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41344"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T21:06:16.338000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41344"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/36818"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3898"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3898"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "/archive/1/506662"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=oss-security\u0026amp;m=125897327321676\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=oss-security\u0026amp;m=125897425223039\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=oss-security\u0026amp;m=125900327409842\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36818/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41344"
},
{
"db": "BID",
"id": "36490"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "PACKETSTORM",
"id": "81568"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41344"
},
{
"db": "BID",
"id": "36490"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"db": "PACKETSTORM",
"id": "81568"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-41344"
},
{
"date": "2009-09-23T00:00:00",
"db": "BID",
"id": "36490"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"date": "2009-09-23T05:54:46",
"db": "PACKETSTORM",
"id": "81568"
},
{
"date": "2012-03-29T02:37:12",
"db": "PACKETSTORM",
"id": "111273"
},
{
"date": "2012-03-28T06:36:19",
"db": "PACKETSTORM",
"id": "111263"
},
{
"date": "2009-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"date": "2009-11-24T17:30:00.437000",
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-41344"
},
{
"date": "2012-03-28T21:30:00",
"db": "BID",
"id": "36490"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005108"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-245"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of src/http/modules/ngx_http_dav_module.c Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-245"
}
],
"trust": 0.6
}
}
VAR-202304-0123
Vulnerability from variot - Updated: 2025-02-20 22:50Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. F5 Networks of njs Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "njs",
"scope": "eq",
"trust": 1.0,
"vendor": "nginx",
"version": "2019-06-27"
},
{
"model": "njs",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "njs",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "2019-06-27"
},
{
"model": "njs",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"cve": "CVE-2020-19692",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-19692",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-19692",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-19692",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-19692",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-166",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
},
{
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. F5 Networks of njs Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-19692"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "VULMON",
"id": "CVE-2020-19692"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-19692",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017925",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-166",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-19692",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-19692"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
},
{
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"id": "VAR-202304-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31666666
},
"last_update_date": "2025-02-20T22:50:58.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=232765"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/nginx/njs/issues/187"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19692"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-19692/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-19692"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
},
{
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-19692"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
},
{
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-19692"
},
{
"date": "2023-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"date": "2023-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-166"
},
{
"date": "2023-04-04T15:15:07.653000",
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-19692"
},
{
"date": "2023-11-15T03:20:00",
"db": "JVNDB",
"id": "JVNDB-2020-017925"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-166"
},
{
"date": "2025-02-18T17:15:10.650000",
"db": "NVD",
"id": "CVE-2020-19692"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5\u00a0Networks\u00a0 of \u00a0njs\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017925"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-166"
}
],
"trust": 0.6
}
}