ID CVE-2016-4450
Summary os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Nginx 1.10.0
    cpe:2.3:a:nginx:nginx:1.10.0
  • Nginx 1.11.0
    cpe:2.3:a:nginx:nginx:1.11.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 5.0 (as of 14-06-2016 - 09:36)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C329FC4C32.NASL
    description update to upstream release 1.10.1 to fix CVE-2016-4450 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2016-10-18
    plugin id 92155
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92155
    title Fedora 24 : 1:nginx (2016-c329fc4c32)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201606-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201606-06 (nginx: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition via a crafted packet. Workaround : There is no known workaround at this time.
    last seen 2018-09-02
    modified 2017-10-02
    plugin id 103587
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103587
    title GLSA-201606-06 : nginx: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-192.NASL
    description This update for nginx fixes the following vulnerability : - CVE-2016-4450: Remote attackers could have caused a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
    last seen 2018-09-01
    modified 2017-02-02
    plugin id 96943
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96943
    title openSUSE Security Update : nginx (openSUSE-2017-192)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_36CF7670277411E6AF29F0DEF16C5C1B.NASL
    description Maxim Dounin reports : A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.
    last seen 2018-09-02
    modified 2016-10-19
    plugin id 91399
    published 2016-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91399
    title FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-715.NASL
    description A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 91629
    published 2016-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91629
    title Amazon Linux AMI : nginx (ALAS-2016-715)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2991-1.NASL
    description It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-03
    plugin id 91451
    published 2016-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91451
    title Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : nginx vulnerability (USN-2991-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-EA323BD6CF.NASL
    description fix CVE-2016-4450 ---- update to upstream release 1.8.1 to fix CVE-2016-4450 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2016-10-18
    plugin id 92194
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92194
    title Fedora 23 : 1:nginx (2016-ea323bd6cf)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3592.NASL
    description It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.
    last seen 2018-09-01
    modified 2018-07-10
    plugin id 91431
    published 2016-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91431
    title Debian DSA-3592-1 : nginx - security update
  • NASL family Misc.
    NASL id ARISTA_EOS_SA0021.NASL
    description The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability in NGINX due to a NULL pointer dereference flaw in the ngx_chain_to_iovec() function within file os/unix/ngx_files.c when handling specially crafted requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request to write a client request body to a temporary file, to crash a worker process.
    last seen 2018-09-01
    modified 2018-08-09
    plugin id 107063
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107063
    title Arista Networks EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)
  • NASL family Web Servers
    NASL id NGINX_1_11_1.NASL
    description According to the self-reported version in its response header, the version of nginx hosted on the remote web server is less than 1.10.1, or 1.11.x less than 1.11.1. It is, therefore, affected by a denial of service vulnerability
    last seen 2018-10-18
    modified 2018-10-16
    plugin id 118150
    published 2018-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118150
    title nginx < 1.10.1 / 1.11.x < 1.11.1 Denial-of-Service Vulnerability
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2016-0012.NASL
    description An update of [ linux , wget , vim , grub2 , zookeeper , nginx , dnsmasq , haproxy ] packages for PhotonOS has been released.
    last seen 2018-09-01
    modified 2018-08-17
    plugin id 111846
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111846
    title Photon OS 1.0: Dnsmasq / Grub2 / Haproxy / Linux / Nginx / Vim / Wget / Zookeeper PHSA-2016-0012
redhat via4
advisories
rhsa
id RHSA-2016:1425
refmap via4
bid 90967
debian DSA-3592
gentoo GLSA-201606-06
mlist [nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)
sectrack 1036019
ubuntu USN-2991-1
Last major update 28-11-2016 - 15:18
Published 07-06-2016 - 10:06
Last modified 04-01-2018 - 21:30
Back to Top