CVE-2013-4547 – Nginx 1.1.17 - URI Processing SecURIty Bypass
https://notcve.org/view.php?id=CVE-2013-4547
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx 0.8.41 hasta la versión 1.4.3 y 1.5.x anterior a la versión 1.5.7 permite a atacantes remotos evadir restricciones intencionadas a través de un carácter de espacio sin escape en una URI. • https://www.exploit-db.com/exploits/38846 https://github.com/cyberharsh/Nginx-CVE-2013-4547 http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html http://secunia.com/advisories/55757 http://secunia.com/advisor • CWE-116: Improper Encoding or Escaping of Output •
CVE-2013-0337
https://notcve.org/view.php?id=CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. La configuración predeterminada de nginx, posiblemente versión 1.3.13 y anteriores, utiliza permisos de lectura global para los archivos (1) access.log y (2) error.log, que permite a usuarios locales obtener información sensible mediante la lectura de los archivos. • http://secunia.com/advisories/55181 http://security.gentoo.org/glsa/glsa-201310-04.xml http://www.openwall.com/lists/oss-security/2013/02/21/15 http://www.openwall.com/lists/oss-security/2013/02/22/1 http://www.openwall.com/lists/oss-security/2013/02/24/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-2070
https://notcve.org/view.php?id=CVE-2013-2070
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. http/modules/ngx_http_proxy_module.c en nginx v1.1.4 hasta v1.2.8 y v1.3.0 hasta v1.4.0, cuando proxy_pass es utilizado con servidores HTTP de no confianza, permite a atacantes remotos causar una denegación de servicio (caída) y obtener información sensible desde el proceso en memoria mediante una respuesta del proxy especialmente diseñada, una vulnerabilidad similar a CVE-2013-2028. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html http://nginx.org/download/patch.2013.proxy.txt http://seclists.org/oss-sec/2013/q2/291 http://secunia.com/advisories/55181 http://security.gentoo.org/glsa/glsa-201310-04.xml http://www.debian.org/security/2013/dsa-2721 http://www.openwall.com/lists/oss-security/2013/05/13/3 http://www.securityfocus.com/bid/59824 https:/& •
CVE-2013-2028 – Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. La función ngx_http_parse_chunked en http/ngx_http_parse.c en nginx v1.3.9 hasta v1.4.0 permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar código arbitrario mediante una solicitud Transfer-Encoding (chunked) con un tamaño de chunk de gran longitud, lo que genera un error de "integer signedness" y un desbordamiento de búfer. Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/25499 https://www.exploit-db.com/exploits/25775 https://www.exploit-db.com/exploits/26737 https://www.exploit-db.com/exploits/32277 https://github.com/m4drat/CVE-2013-2028-Exploit https://github.com/Sunqiz/CVE-2013-2028-reproduction https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000112 • CWE-787: Out-of-bounds Write •