CVE-2012-1180
https://notcve.org/view.php?id=CVE-2012-1180
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Una vulnerabilidad de uso después de liberación en nginx v1.0.14 y v1.1.x antes de v1.1.17 permite obtener información sensible de la memoria del proceso a servidores remotos de HTTP a través de una respuesta del backend modificada, junto con una petición de cliente. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://osvdb.org/80124 http://seclists.org/bugtraq/2012/Mar/65 http://secunia.com/advisories/48465 http://secunia.com/advisories/48577 http://security.gent • CWE-416: Use After Free •
CVE-2011-4315
https://notcve.org/view.php?id=CVE-2011-4315
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. Desbordamiento de búfer basado en memoria dinámica en el procesamiento de compresión puntero en core/ngx_resolver.c en nginx antes de v1.0.10 permite a resolvers remotos causar una denegación de servicio (caída del demonio) o posiblemente tener un impacto no especificado a través de una respuesta larga. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html http://openwall.com/lists/oss-security/2011/11/17/10 http://openwall.com/lists/oss-security/2011/11/17/8 http://secunia.com/advisories/47097 http://secunia.com/advisories/48577 http://security.gentoo.org/glsa/glsa-201203-22.xml http://trac.nginx.org/nginx/changeset/4268/nginx http://www.nginx.org/en/CHANGES-1.0 • CWE-787: Out-of-bounds Write •
CVE-2010-4180 – openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
https://notcve.org/view.php?id=CVE-2010-4180
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG está habilitado, no previene adecuadamente la modificación del conjunto de cifrado en la caché de sesión, lo que permite a atacantes remotos forzar la degradación para un cifrado no destinado a través de vectores que involucran rastreo de tráfico de red para descubrir un identificador de sesión. • http://cvs.openssl.org/chngview?cn=20131 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html& •
CVE-2010-2263 – Nginx 0.8.36 - Source Disclosure / Denial of Service
https://notcve.org/view.php?id=CVE-2010-2263
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. nginx 0.8 en versiones anteriores a la 0.8.40 y 0.7 en versiones anteriores a la 0.7.66, al ser ejecutado en Windows, permite a atacantes remotos obtener código fuente o contenido sin interpretar de ficheros de su elección que estén bajo la raíz de documentos web añadiendo ::$DATA a la URI. • https://www.exploit-db.com/exploits/13818 https://www.exploit-db.com/exploits/13822 http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html http://www.exploit-db.com/exploits/13818 http://www.exploit-db.com/exploits/13822 http://www.securityfocus.com/bid/40760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-2266 – Nginx 0.8.36 - Source Disclosure / Denial of Service
https://notcve.org/view.php?id=CVE-2010-2266
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. nginx v0.8.36 permite a atacantes remotos provocar una denegación de servicio (mediante caída de la aplicación) a través de ciertas secuencias codificadas de salto de directorio que provocan corrupción de memoria, como se demuestra usando la secuencia "%c0.%c0." . • https://www.exploit-db.com/exploits/13818 http://www.exploit-db.com/exploits/13818 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •