CVE-2013-2070
https://notcve.org/view.php?id=CVE-2013-2070
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. http/modules/ngx_http_proxy_module.c en nginx v1.1.4 hasta v1.2.8 y v1.3.0 hasta v1.4.0, cuando proxy_pass es utilizado con servidores HTTP de no confianza, permite a atacantes remotos causar una denegación de servicio (caída) y obtener información sensible desde el proceso en memoria mediante una respuesta del proxy especialmente diseñada, una vulnerabilidad similar a CVE-2013-2028. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html http://nginx.org/download/patch.2013.proxy.txt http://seclists.org/oss-sec/2013/q2/291 http://secunia.com/advisories/55181 http://security.gentoo.org/glsa/glsa-201310-04.xml http://www.debian.org/security/2013/dsa-2721 http://www.openwall.com/lists/oss-security/2013/05/13/3 http://www.securityfocus.com/bid/59824 https:/& •
CVE-2013-2028 – Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. La función ngx_http_parse_chunked en http/ngx_http_parse.c en nginx v1.3.9 hasta v1.4.0 permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar código arbitrario mediante una solicitud Transfer-Encoding (chunked) con un tamaño de chunk de gran longitud, lo que genera un error de "integer signedness" y un desbordamiento de búfer. Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/25499 https://www.exploit-db.com/exploits/25775 https://www.exploit-db.com/exploits/26737 https://www.exploit-db.com/exploits/32277 https://github.com/m4drat/CVE-2013-2028-Exploit https://github.com/Sunqiz/CVE-2013-2028-reproduction https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000112 • CWE-787: Out-of-bounds Write •