CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3618
https://notcve.org/view.php?id=CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. ALPACA es un ataque de confusión de contenido de protocolo de capa de aplicación, que explota servidores TLS que implementan diferentes protocolos pero que usan certificados compatibles, como certificados multidominio o comodín. Un atacante de tipo MiTM que tenga acceso al tráfico de la víctima en la capa TCP/IP puede redirigir el tráfico de un subdominio a otro, resultando en a una sesión TLS válida. • https://alpaca-attack.com https://bugzilla.redhat.com/show_bug.cgi?id=1975623 https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23008
https://notcve.org/view.php?id=CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En NGINX Controller API Management versiones 3.18.0-3.19.0, un atacante autenticado con acceso al rol "user" o "admin" puede usar endpoints de API no revelados en NGINX Controller API Management para inyectar código JavaScript que es ejecutado en instancias de plano de datos NGINX administradas. Nota: Las versiones de software que han alcanzado el Fin de Soporte Técnico (EoTS) no son evaluadas • https://support.f5.com/csp/article/K57735782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-42717
https://notcve.org/view.php?id=CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. ModSecurity versiones 3.x hasta 3.0.5, maneja inapropiadamente los objetos JSON excesivamente anidados. • https://github.com/EkamSinghWalia/Detection-and-Mitigation-script-for-CVE-2021-42717 https://lists.debian.org/debian-lts-announce/2022/05/msg00042.html https://www.debian.org/security/2021/dsa-5023 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-23050
https://notcve.org/view.php?id=CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP Advanced WAF y BIG-IP ASM versiones 16.0.x anteriores a 16.0.1.2 y versiones 15.1.x anteriores a 15.1.3 y NGINX App Protect en todas las versiones anteriores a 3.5.0, cuando es configurado una política de tipo cross-site request forgery (CSRF) en un servidor virtual, una respuesta HTML no divulgada puede causar una finalización del proceso bd. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K44553214 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2017-20005
https://notcve.org/view.php?id=CVE-2017-20005
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX versiones anteriores a 1.13.6, presenta un desbordamiento de búfer para los años que superan los cuatro dígitos, como es demostrado por un archivo con una fecha de modificación en 1969 que causa un desbordamiento de enteros (o una falsa fecha de modificación en el futuro), cuando es encontrado por el módulo autoindex • http://nginx.org/en/CHANGES https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html https://security.netapp.com/advisory/ntap-20210805-0006 https://trac.nginx.org/nginx/ticket/1368 • CWE-190: Integer Overflow or Wraparound •