The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of nginx

vulnerability bulletin CVE-2019-13617

nginx: buffer overflow via njs nxt_sprintf.c

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via njs nxt_sprintf.c of nginx, in order to trigger a denial of service, and possibly to run code.
Impacted products: nginx.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 17/07/2019.
Identifiers: 174, CVE-2019-13617, VIGILANCE-VUL-29803.

Description of the vulnerability

An attacker can trigger a buffer overflow via njs nxt_sprintf.c of nginx, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2019-12206 CVE-2019-12207 CVE-2019-12208

nginx: buffer overflow via njs

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via njs of nginx, in order to trigger a denial of service, and possibly to run code.
Impacted products: nginx.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/05/2019.
Identifiers: 162, 163, 168, CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, VIGILANCE-VUL-29368.

Description of the vulnerability

An attacker can trigger a buffer overflow via njs of nginx, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2018-16845

nginx: infinite loop via ngx_http_mp4_module

Synthesis of the vulnerability

An attacker can generate an infinite loop via ngx_http_mp4_module of nginx, in order to trigger a denial of service.
Impacted products: Debian, nginx, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 06/11/2018.
Identifiers: CERTFR-2018-AVI-535, CVE-2018-16845, DLA-1572-1, DSA-4335-1, openSUSE-SU-2019:0195-1, openSUSE-SU-2019:2120-1, RHSA-2018:3652-01, RHSA-2018:3653-01, RHSA-2018:3680-01, RHSA-2018:3681-01, SUSE-SU-2019:0334-1, SUSE-SU-2019:2309-1, USN-3812-1, VIGILANCE-VUL-27706.

Description of the vulnerability

An attacker can generate an infinite loop via ngx_http_mp4_module of nginx, in order to trigger a denial of service.

computer vulnerability CVE-2018-16843 CVE-2018-16844

nginx: denial of service via ngx_http_v2_module

Synthesis of the vulnerability

An attacker can generate a fatal error via ngx_http_v2_module of nginx, in order to trigger a denial of service.
Impacted products: Debian, IBM API Connect, nginx, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/11/2018.
Identifiers: CERTFR-2018-AVI-535, CVE-2018-16843, CVE-2018-16844, DSA-4335-1, ibm10960610, openSUSE-SU-2019:0195-1, openSUSE-SU-2019:2120-1, RHSA-2018:3653-01, RHSA-2018:3680-01, RHSA-2018:3681-01, SUSE-SU-2019:0334-1, SUSE-SU-2019:2309-1, USN-3812-1, VIGILANCE-VUL-27705.

Description of the vulnerability

An attacker can generate a fatal error via ngx_http_v2_module of nginx, in order to trigger a denial of service.

computer vulnerability CVE-2017-7529

nginx: information disclosure via Ranges

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Ranges of nginx, in order to obtain sensitive information.
Impacted products: Debian, Fedora, nginx, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 12/07/2017.
Identifiers: CERTFR-2017-AVI-211, CVE-2017-7529, DLA-1024-1, DSA-3908-1, FEDORA-2017-aecd25b8a9, FEDORA-2017-c27a947af1, openSUSE-SU-2017:2003-1, openSUSE-SU-2018:0813-1, openSUSE-SU-2018:0823-1, RHSA-2017:2538-01, Synology-SA-17:27, USN-3352-1, VIGILANCE-VUL-23215.

Description of the vulnerability

An attacker can bypass access restrictions to data via Ranges of nginx, in order to obtain sensitive information.

vulnerability bulletin CVE-2016-1000104 CVE-2016-1000105 CVE-2016-1000107

Web servers: creating client queries via the Proxy header

Synthesis of the vulnerability

An attacker can send a query with a malicious Proxy header to a web service hosting a CGI script that creates web client queries, so that they go through the attacker's proxy.
Impacted products: Apache httpd, Tomcat, Mac OS X, Debian, Drupal Core, VNX Operating Environment, VNX Series, eZ Publish, Fedora, HP-UX, QRadar SIEM, Junos Space, NSM Central Manager, NSMXpress, lighttpd, IIS, nginx, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Perl Module ~ not comprehensive, PHP, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, TrendMicro ServerProtect, TYPO3 Core, Ubuntu, Varnish.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/07/2016.
Identifiers: 1117414, 1994719, 1994725, 1999671, APPLE-SA-2017-09-25-1, bulletinjul2017, bulletinoct2016, c05324759, CERTFR-2016-AVI-240, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujan2018, CVE-2016-1000104, CVE-2016-1000105, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, DLA-1883-1, DLA-553-1, DLA-568-1, DLA-583-1, DLA-749-1, DRUPAL-SA-CORE-2016-003, DSA-2019-131, DSA-3623-1, DSA-3631-1, DSA-3642-1, EZSA-2016-001, FEDORA-2016-07e9059072, FEDORA-2016-2c324d0670, FEDORA-2016-340e361b90, FEDORA-2016-4094bd4ad6, FEDORA-2016-4e7db3d437, FEDORA-2016-604616dc33, FEDORA-2016-683d0b257b, FEDORA-2016-970edb82d4, FEDORA-2016-9c8cf5912c, FEDORA-2016-9de7253cc7, FEDORA-2016-9fd814a7f2, FEDORA-2016-9fd9bfab9e, FEDORA-2016-a29c65b00f, FEDORA-2016-aef8a45afe, FEDORA-2016-c1b01b9278, FEDORA-2016-df0726ae26, FEDORA-2016-e2c8f5f95a, FEDORA-2016-ea5e284d34, HPSBUX03665, HT207615, HT208144, HT208221, httpoxy, JSA10770, JSA10774, openSUSE-SU-2016:1824-1, openSUSE-SU-2016:2054-1, openSUSE-SU-2016:2055-1, openSUSE-SU-2016:2115-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2016:2252-1, openSUSE-SU-2016:2536-1, openSUSE-SU-2016:3092-1, openSUSE-SU-2016:3157-1, openSUSE-SU-2017:0223-1, RHSA-2016:1420-01, RHSA-2016:1421-01, RHSA-2016:1422-01, RHSA-2016:1538-01, RHSA-2016:1609-01, RHSA-2016:1610-01, RHSA-2016:1611-01, RHSA-2016:1612-01, RHSA-2016:1613-01, RHSA-2016:1624-01, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, RHSA-2016:1635-01, RHSA-2016:1636-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:1978-01, RHSA-2016:2045-01, RHSA-2016:2046-01, SSA:2016-203-02, SSA:2016-358-01, SSA:2016-363-01, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, SUSE-SU-2019:0223-1, USN-3038-1, USN-3045-1, USN-3134-1, USN-3177-1, USN-3177-2, USN-3585-1, VIGILANCE-VUL-20143, VU#797896.

Description of the vulnerability

Most web servers support CGI scripts (PHP, Python, etc.).

According to RFC 3875, when a web server receives a Proxy header, it has to create the HTTP_PROXY environment variable for CGI scripts.

However, this variable is also used to store the name of the proxy that web clients have to use. PHP scripts (via Guzzle, Artax, etc.) and Python scripts will thus use the proxy indicated in the web query for all client queries they send during the CGI session.

An attacker can therefore send a query with a malicious Proxy header to a web service hosting a CGI script that creates web client queries, so that they go through the attacker's proxy.

vulnerability 20030

nginx: denial of service via proxy_request_buffering

Synthesis of the vulnerability

An attacker can send requests to nginx using HTTP version 2, in order to trigger a denial of service.
Impacted products: nginx.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 06/07/2016.
Identifiers: VIGILANCE-VUL-20030.

Description of the vulnerability

The nginx product is a web server.

However, when a client uses HTTP version 2 and the proxy_request_buffering option is enabled, a fatal error occurs.

An attacker can send requests to nginx using HTTP version 2, in order to trigger a denial of service.

computer vulnerability CVE-2016-4450

nginx: NULL pointer dereference via ngx_files.c

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in nginx, in order to trigger a denial of service.
Impacted products: Debian, Fedora, nginx, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 01/06/2016.
Identifiers: CERTFR-2016-AVI-185, CVE-2016-4450, DSA-3592-1, FEDORA-2016-ea323bd6cf, openSUSE-SU-2017:0361-1, RHSA-2016:1425-01, USN-2991-1, VIGILANCE-VUL-19745.

Description of the vulnerability

The nginx product is a web server.

However, the src/os/unix/ngx_files.c file does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in nginx, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2016-0742 CVE-2016-0746 CVE-2016-0747

nginx: three vulnerabilities of the DNS client

Synthesis of the vulnerability

An attacker who controls a DNS server can use several vulnerabilities of nginx.
Impacted products: Debian, Fedora, nginx, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/01/2016.
Identifiers: CERTFR-2016-AVI-039, CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, DSA-3473-1, FEDORA-2016-bf03932bb3, FEDORA-2016-fd3428577d, openSUSE-SU-2016:0371-1, RHSA-2016:1425-01, USN-2892-1, VIGILANCE-VUL-18828.

Description of the vulnerability

Several vulnerabilities were announced in nginx.

An attacker can send a malicious packet, in order to make the server access an invalid memory address and so trigger a denial of service. [severity:2/4; CVE-2016-0742]

An attacker can force the usage of a freed memory area in the processing of response records of type CNAME, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0746]

An attacker can trigger an excessive resource use with responses of type CNAME, in order to trigger a denial of service. [severity:2/4; CVE-2016-0747]

vulnerability bulletin 18213

nginx: use after free via HTTPv2

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in the HTTPv2 implementation of nginx, in order to trigger a denial of service, and possibly to run code.
Impacted products: nginx.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 29/10/2015.
Identifiers: VIGILANCE-VUL-18213.

Description of the vulnerability

The nginx product has supported the HTTP version 2 protocol since nginx version 1.9.5.

However, when a PRI packet is received, the ngx_destroy_pool() function frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in the HTTPv2 implementation of nginx, in order to trigger a denial of service, and possibly to run code.