CVE-2016-0747 – nginx: Insufficient limits of CNAME resolution in resolver
https://notcve.org/view.php?id=CVE-2016-0747
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration.
References:
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
• http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
• http://seclists.org/fulldisclosure/2021/Sep/36
• http://www.debian.org/security/2016/dsa-3473
• http://www.securitytracker.com/id/1034869
• http://www.ubuntu.com/usn/USN-2892-1
• https://access.redhat.com/errata/RHSA-2016:1425
• https://bto.bluecoat.com/security-advisory/sa115
• https://bugzilla.redhat.com/show_bug.cgi?id=1302589
• https://security.gentoo
Weakness: CWE-400: Uncontrolled Resource Consumption
CVE-2016-0742 – nginx: invalid pointer dereference in resolver
https://notcve.org/view.php?id=CVE-2016-0742
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
It was discovered that nginx could perform an out-of-bounds read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration.
References:
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
• http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
• http://seclists.org/fulldisclosure/2021/Sep/36
• http://www.debian.org/security/2016/dsa-3473
• http://www.securitytracker.com/id/1034869
• http://www.ubuntu.com/usn/USN-2892-1
• https://access.redhat.com/errata/RHSA-2016:1425
• https://bto.bluecoat.com/security-advisory/sa115
• https://bugzilla.redhat.com/show_bug.cgi?id=1302587
• https://security.gentoo
Weaknesses: CWE-125: Out-of-bounds Read; CWE-476: NULL Pointer Dereference
CVE-2016-0746 – nginx: use-after-free during CNAME response processing in resolver
https://notcve.org/view.php?id=CVE-2016-0746
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration.
References:
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
• http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
• http://seclists.org/fulldisclosure/2021/Sep/36
• http://www.debian.org/security/2016/dsa-3473
• http://www.securitytracker.com/id/1034869
• http://www.ubuntu.com/usn/USN-2892-1
• https://access.redhat.com/errata/RHSA-2016:1425
• https://bto.bluecoat.com/security-advisory/sa115
• https://bugzilla.redhat.com/show_bug.cgi?id=1302588
• https://security.gentoo
Weakness: CWE-416: Use After Free
CVE-2014-3616
https://notcve.org/view.php?id=CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
References:
• http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
• http://www.debian.org/security/2014/dsa-3029
Weakness: CWE-613: Insufficient Session Expiration
CVE-2013-4547 – Nginx 1.1.17 - URI Processing SecURIty Bypass
https://notcve.org/view.php?id=CVE-2013-4547
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
References:
• https://www.exploit-db.com/exploits/38846
• https://github.com/cyberharsh/Nginx-CVE-2013-4547
• http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html
• http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html
• http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html
• http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html
• http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html
• http://secunia.com/advisories/55757
• http://secunia.com/advisor
Weakness: CWE-116: Improper Encoding or Escaping of Output