23 results (0.019 seconds)

CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. ALPACA es un ataque de confusión de contenido de protocolo de capa de aplicación, que explota servidores TLS que implementan diferentes protocolos pero que usan certificados compatibles, como certificados multidominio o comodín. Un atacante de tipo MiTM que tenga acceso al tráfico de la víctima en la capa TCP/IP puede redirigir el tráfico de un subdominio a otro, resultando en a una sesión TLS válida. • https://alpaca-attack.com https://bugzilla.redhat.com/show_bug.cgi?id=1975623 https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html • CWE-295: Improper Certificate Validation •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX versiones anteriores a 1.13.6, presenta un desbordamiento de búfer para los años que superan los cuatro dígitos, como es demostrado por un archivo con una fecha de modificación en 1969 que causa un desbordamiento de enteros (o una falsa fecha de modificación en el futuro), cuando es encontrado por el módulo autoindex • http://nginx.org/en/CHANGES https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html https://security.netapp.com/advisory/ntap-20210805-0006 https://trac.nginx.org/nginx/ticket/1368 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.1EPSS: 37%CPEs: 25EXPL: 4

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Se identificó un problema de seguridad en el solucionador de nginx, que podría permitir a un atacante que pueda falsificar paquetes UDP desde el servidor DNS para causar una sobrescritura de memoria de 1 byte, lo que causaría un bloqueo del proceso de trabajo u otro impacto potencial A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Nginx version 1.20.0 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/50973 https://github.com/M507/CVE-2021-23017-PoC https://github.com/ShivamDey/CVE-2021-23017 https://github.com/lakshit1212/CVE-2021-23017-PoC http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E https://lists.apache.org/thread.html/r4d4966221ca399 • CWE-193: Off-by-one Error •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 3

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer páginas web no autorizadas en entornos donde NGINX está al frente de un equilibrador de carga. • https://github.com/0xleft/CVE-2019-20372 https://github.com/vuongnv3389-sec/CVE-2019-20372 http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html http://nginx.org/en/CHANGES http://seclists.org/fulldisclosure/2021/Sep/36 https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf https://duo.com/docs/dng-notes#version-1.5.4-january-2020 https://github.com/kubernetes/ingress-nginx/pull/4859 https://github.com/nginx/nginx/commit&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 5.8EPSS: 0%CPEs: 11EXPL: 0

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) El módulo nginx http proxy no comprueba la identidad de peer del servidor de origen https, lo que podría facilitar un ataque de tipo man-in-the-middle (MITM) • http://www.openwall.com/lists/oss-security/2013/01/03/8 http://www.securityfocus.com/bid/57139 https://access.redhat.com/security/cve/cve-2011-4968 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968 https://exchange.xforce.ibmcloud.com/vulnerabilities/80952 https://security-tracker.debian.org/tracker/CVE-2011-4968 • CWE-20: Improper Input Validation •