Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.
80551d22725746b690efed90e1d3702a31f4692d83292d2ce060118f47299c32Apple Security Advisory 2021-09-20-4 - Xcode 13 addresses multiple issues in nginx.
e298f65735c01199cc9782cb84a35d40ade27a44f1619154f005170a70f23d97Red Hat Security Advisory 2021-2290-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
1651d0dd6c4d8e6407c692a21c98162f056535fdccc533aa9812afe1ddf2044fRed Hat Security Advisory 2021-2278-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
0b6bda0bb5955a9bd2d171a0806989f7c74f4ffd35606ccdefe019cda34eb38cRed Hat Security Advisory 2021-2259-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
5ff90ade67bcdf00bb5c71748bc55906a7adddb89744b77059d1349f442d43f3Red Hat Security Advisory 2021-2258-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
07bb2c98530ba79d1573f2b391d4116590031c337af730da7f8910dced50d8feUbuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.
20572af334a8f1e1ee046ba9e037e28de9c8585c3e1753cd1216bebc3019b5beAn off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.
3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.
0f814519864a2c1f00e089303aebba070126d095871ca25d8c1a1514b228d000Red Hat Security Advisory 2020-5495-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.
662ff82ffc286989c26d768c1895ecb6e49567a23a05aa27edfa7ace5d971eedRed Hat Security Advisory 2020-2817-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.
8532ff6109d76302c144b3361db60c0aa50758a60d06b2d79ebf30dee7c39f74This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.
b0bb267ae212db3146c03348b75e67574095c1e4c6cca10f25f575609f95bc2fUbuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.
f27f4f464dca0131a740388b68a10b2b2016cf4c60d9b6cb1e1399592aeffdcdUbuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
044027ea326db3fb6aae4672a92bf7f3e07587ae3b37e7ae041b1440fcb590e1This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.
8df57ba35c7fedb82e321a6da3798beb103782ba91f10bc8e528fd4217ddfa67Red Hat Security Advisory 2019-2799-01 - Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Issues addressed include a denial of service vulnerability.
6db2fc5ba5ae499fa0f7a4bbbc155d6d378588483e1d08e6c8fed16e216519c8Red Hat Security Advisory 2019-2775-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
563112f9aa5f6e29519ee4d5e8453954076952723b0dcf46e0231827777324baRed Hat Security Advisory 2019-2746-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
d98d71f0e6f8a7c11eaeb24675ee7f294833caa8ee363c3c52bb13f5b782bc94Red Hat Security Advisory 2019-2745-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
174cbd24fc1d2e93e73177950504374ebd0ed511c1661841094a7c2ba620ac1dDebian Linux Security Advisory 4505-1 - Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.
38817d6cbe881d7e08349f61c5c128eb23f57ca935723613ecd58131d5bef764Ubuntu Security Notice 4099-1 - Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service.
865f978ed5a19c9067c988ea171367de190ac9dfa56f46fe0cb52abb57a87e0cRed Hat Security Advisory 2018-3681-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
edc156252a77c17ab32cdf45a40f9b72fed35d597c56732bf77fbcba569b8b86Red Hat Security Advisory 2018-3680-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
bf762c567899406a051f2a94d0eb8fc6de8342ac0ca6d42ea5ecab607fcc1426Red Hat Security Advisory 2018-3653-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
cdf8832a2ee43f362646287957e86d0a848865e5cbce03448952aedf3e742e46Red Hat Security Advisory 2018-3652-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
13d4d0dbcb52c25e093c1a22ae583ea2870ab00c6e2cac59c54802f4b830fccc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed