cve-2009-2629

Vulnerability from cvelistv5

Published

2009-09-15 22:00

Modified

2024-08-07 05:59

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://nginx.net/CHANGES	Release Notes, Vendor Advisory
cret@cert.org	http://nginx.net/CHANGES-0.5	Release Notes, Vendor Advisory
cret@cert.org	http://nginx.net/CHANGES-0.6	Release Notes, Vendor Advisory
cret@cert.org	http://nginx.net/CHANGES-0.7	Release Notes, Vendor Advisory
cret@cert.org	http://sysoev.ru/nginx/patch.180065.txt	Broken Link
cret@cert.org	http://www.debian.org/security/2009/dsa-1884	Third Party Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/180065	Third Party Advisory, US Government Resource
cret@cert.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	Third Party Advisory
cret@cert.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	Third Party Advisory
cret@cert.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES-0.5	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES-0.6	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES-0.7	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sysoev.ru/nginx/patch.180065.txt	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1884	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/180065	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:59:56.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "VU#180065",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/180065",
               },
               {
                  name: "FEDORA-2009-12750",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nginx.net/CHANGES-0.7",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nginx.net/CHANGES",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sysoev.ru/nginx/patch.180065.txt",
               },
               {
                  name: "DSA-1884",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1884",
               },
               {
                  name: "FEDORA-2009-12775",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
               },
               {
                  name: "FEDORA-2009-12782",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nginx.net/CHANGES-0.5",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nginx.net/CHANGES-0.6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-09-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-12-17T10:00:00",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               name: "VU#180065",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/180065",
            },
            {
               name: "FEDORA-2009-12750",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nginx.net/CHANGES-0.7",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nginx.net/CHANGES",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sysoev.ru/nginx/patch.180065.txt",
            },
            {
               name: "DSA-1884",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1884",
            },
            {
               name: "FEDORA-2009-12775",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
            },
            {
               name: "FEDORA-2009-12782",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nginx.net/CHANGES-0.5",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nginx.net/CHANGES-0.6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2009-2629",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "VU#180065",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/180065",
                  },
                  {
                     name: "FEDORA-2009-12750",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
                  },
                  {
                     name: "http://nginx.net/CHANGES-0.7",
                     refsource: "CONFIRM",
                     url: "http://nginx.net/CHANGES-0.7",
                  },
                  {
                     name: "http://nginx.net/CHANGES",
                     refsource: "CONFIRM",
                     url: "http://nginx.net/CHANGES",
                  },
                  {
                     name: "http://sysoev.ru/nginx/patch.180065.txt",
                     refsource: "CONFIRM",
                     url: "http://sysoev.ru/nginx/patch.180065.txt",
                  },
                  {
                     name: "DSA-1884",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2009/dsa-1884",
                  },
                  {
                     name: "FEDORA-2009-12775",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
                  },
                  {
                     name: "FEDORA-2009-12782",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
                  },
                  {
                     name: "http://nginx.net/CHANGES-0.5",
                     refsource: "CONFIRM",
                     url: "http://nginx.net/CHANGES-0.5",
                  },
                  {
                     name: "http://nginx.net/CHANGES-0.6",
                     refsource: "CONFIRM",
                     url: "http://nginx.net/CHANGES-0.6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2009-2629",
      datePublished: "2009-09-15T22:00:00",
      dateReserved: "2009-07-28T00:00:00",
      dateUpdated: "2024-08-07T05:59:56.363Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2009-2629\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2009-09-15T22:30:00.233\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de búfer inferior en src/http/ngx_http_parse.c en nginx v0.1.0 a la v0.5.37, v0.6.x a la v0.6.39, v0.7.x a la v0.7.62, y v0.8.x anterior a v0.8.15, permite a atacantes ejecutar código de su elección a través de peticiones HTTP manipuladas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.1.0\",\"versionEndExcluding\":\"0.5.38\",\"matchCriteriaId\":\"F0DE2A3E-F210-4B55-900A-13C309891E3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.6.0\",\"versionEndExcluding\":\"0.6.39\",\"matchCriteriaId\":\"692B1E17-4FB8-484E-85D2-4E90641268F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.7.0\",\"versionEndExcluding\":\"0.7.62\",\"matchCriteriaId\":\"587F3642-4CB9-4D61-A5C9-55D7D172D96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.8.0\",\"versionEndExcluding\":\"0.8.15\",\"matchCriteriaId\":\"93F18982-44F0-4A93-9A6A-D857E1577A5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7000D33B-F3C7-43E8-8FC7-9B97AADC3E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44669D7-6C1E-4844-B78A-73E253A7CC17\"}]}]}],\"references\":[{\"url\":\"http://nginx.net/CHANGES\",\"source\":\"cret@cert.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://nginx.net/CHANGES-0.5\",\"source\":\"cret@cert.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://nginx.net/CHANGES-0.6\",\"source\":\"cret@cert.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://nginx.net/CHANGES-0.7\",\"source\":\"cret@cert.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://sysoev.ru/nginx/patch.180065.txt\",\"source\":\"cret@cert.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1884\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/180065\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://nginx.net/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://nginx.net/CHANGES-0.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://nginx.net/CHANGES-0.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://nginx.net/CHANGES-0.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://sysoev.ru/nginx/patch.180065.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/180065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
   },
}

gsd-2009-2629

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2629

Aliases

CVE-2009-2629

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2009-2629",
      description: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
      id: "GSD-2009-2629",
      references: [
         "https://www.debian.org/security/2009/dsa-1884",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2009-2629",
         ],
         details: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
         id: "GSD-2009-2629",
         modified: "2023-12-13T01:19:46.139398Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cert@cert.org",
            ID: "CVE-2009-2629",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "VU#180065",
                  refsource: "CERT-VN",
                  url: "http://www.kb.cert.org/vuls/id/180065",
               },
               {
                  name: "FEDORA-2009-12750",
                  refsource: "FEDORA",
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
               },
               {
                  name: "http://nginx.net/CHANGES-0.7",
                  refsource: "CONFIRM",
                  url: "http://nginx.net/CHANGES-0.7",
               },
               {
                  name: "http://nginx.net/CHANGES",
                  refsource: "CONFIRM",
                  url: "http://nginx.net/CHANGES",
               },
               {
                  name: "http://sysoev.ru/nginx/patch.180065.txt",
                  refsource: "CONFIRM",
                  url: "http://sysoev.ru/nginx/patch.180065.txt",
               },
               {
                  name: "DSA-1884",
                  refsource: "DEBIAN",
                  url: "http://www.debian.org/security/2009/dsa-1884",
               },
               {
                  name: "FEDORA-2009-12775",
                  refsource: "FEDORA",
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
               },
               {
                  name: "FEDORA-2009-12782",
                  refsource: "FEDORA",
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
               },
               {
                  name: "http://nginx.net/CHANGES-0.5",
                  refsource: "CONFIRM",
                  url: "http://nginx.net/CHANGES-0.5",
               },
               {
                  name: "http://nginx.net/CHANGES-0.6",
                  refsource: "CONFIRM",
                  url: "http://nginx.net/CHANGES-0.6",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.5.38",
                        versionStartIncluding: "0.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.6.39",
                        versionStartIncluding: "0.6.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.7.62",
                        versionStartIncluding: "0.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.8.15",
                        versionStartIncluding: "0.8.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2009-2629",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-787",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://nginx.net/CHANGES-0.6",
                     refsource: "CONFIRM",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "http://nginx.net/CHANGES-0.6",
                  },
                  {
                     name: "http://nginx.net/CHANGES-0.7",
                     refsource: "CONFIRM",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "http://nginx.net/CHANGES-0.7",
                  },
                  {
                     name: "DSA-1884",
                     refsource: "DEBIAN",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "http://www.debian.org/security/2009/dsa-1884",
                  },
                  {
                     name: "http://nginx.net/CHANGES-0.5",
                     refsource: "CONFIRM",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "http://nginx.net/CHANGES-0.5",
                  },
                  {
                     name: "VU#180065",
                     refsource: "CERT-VN",
                     tags: [
                        "Third Party Advisory",
                        "US Government Resource",
                     ],
                     url: "http://www.kb.cert.org/vuls/id/180065",
                  },
                  {
                     name: "http://sysoev.ru/nginx/patch.180065.txt",
                     refsource: "CONFIRM",
                     tags: [
                        "Broken Link",
                     ],
                     url: "http://sysoev.ru/nginx/patch.180065.txt",
                  },
                  {
                     name: "http://nginx.net/CHANGES",
                     refsource: "CONFIRM",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "http://nginx.net/CHANGES",
                  },
                  {
                     name: "FEDORA-2009-12775",
                     refsource: "FEDORA",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
                  },
                  {
                     name: "FEDORA-2009-12750",
                     refsource: "FEDORA",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
                  },
                  {
                     name: "FEDORA-2009-12782",
                     refsource: "FEDORA",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 6.4,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "HIGH",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2021-11-10T15:52Z",
         publishedDate: "2009-09-15T22:30Z",
      },
   },
}

fkie_cve-2009-2629

Vulnerability from fkie_nvd

Published

2009-09-15 22:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://nginx.net/CHANGES	Release Notes, Vendor Advisory
cret@cert.org	http://nginx.net/CHANGES-0.5	Release Notes, Vendor Advisory
cret@cert.org	http://nginx.net/CHANGES-0.6	Release Notes, Vendor Advisory
cret@cert.org	http://nginx.net/CHANGES-0.7	Release Notes, Vendor Advisory
cret@cert.org	http://sysoev.ru/nginx/patch.180065.txt	Broken Link
cret@cert.org	http://www.debian.org/security/2009/dsa-1884	Third Party Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/180065	Third Party Advisory, US Government Resource
cret@cert.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	Third Party Advisory
cret@cert.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	Third Party Advisory
cret@cert.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES-0.5	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES-0.6	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nginx.net/CHANGES-0.7	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sysoev.ru/nginx/patch.180065.txt	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1884	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/180065	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	Third Party Advisory

Impacted products

Vendor	Product	Version
f5	nginx	*
f5	nginx	*
f5	nginx	*
f5	nginx	*
debian	debian_linux	4.0
debian	debian_linux	5.0
debian	debian_linux	6.0
fedoraproject	fedora	10
fedoraproject	fedora	11
fedoraproject	fedora	12

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0DE2A3E-F210-4B55-900A-13C309891E3E",
                     versionEndExcluding: "0.5.38",
                     versionStartIncluding: "0.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "692B1E17-4FB8-484E-85D2-4E90641268F5",
                     versionEndExcluding: "0.6.39",
                     versionStartIncluding: "0.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "587F3642-4CB9-4D61-A5C9-55D7D172D96D",
                     versionEndExcluding: "0.7.62",
                     versionStartIncluding: "0.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93F18982-44F0-4A93-9A6A-D857E1577A5B",
                     versionEndExcluding: "0.8.15",
                     versionStartIncluding: "0.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C757774-08E7-40AA-B532-6F705C8F7639",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
                     matchCriteriaId: "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44669D7-6C1E-4844-B78A-73E253A7CC17",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer inferior en src/http/ngx_http_parse.c en nginx v0.1.0 a la v0.5.37, v0.6.x a la v0.6.39, v0.7.x a la v0.7.62, y v0.8.x anterior a v0.8.15, permite a atacantes ejecutar código de su elección a través de peticiones HTTP manipuladas.",
      },
   ],
   id: "CVE-2009-2629",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-09-15T22:30:00.233",
   references: [
      {
         source: "cret@cert.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES-0.5",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES-0.6",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES-0.7",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Broken Link",
         ],
         url: "http://sysoev.ru/nginx/patch.180065.txt",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2009/dsa-1884",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/180065",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES-0.5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES-0.6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://nginx.net/CHANGES-0.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sysoev.ru/nginx/patch.180065.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2009/dsa-1884",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/180065",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

ghsa-f36r-j88j-6j27

Vulnerability from github

Published

2022-05-02 03:37

Modified

2022-05-02 03:37

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2009-2629",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-787",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2009-09-15T22:30:00Z",
      severity: "HIGH",
   },
   details: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.",
   id: "GHSA-f36r-j88j-6j27",
   modified: "2022-05-02T03:37:07Z",
   published: "2022-05-02T03:37:07Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2629",
      },
      {
         type: "WEB",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
      },
      {
         type: "WEB",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
      },
      {
         type: "WEB",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
      },
      {
         type: "WEB",
         url: "http://nginx.net/CHANGES",
      },
      {
         type: "WEB",
         url: "http://nginx.net/CHANGES-0.5",
      },
      {
         type: "WEB",
         url: "http://nginx.net/CHANGES-0.6",
      },
      {
         type: "WEB",
         url: "http://nginx.net/CHANGES-0.7",
      },
      {
         type: "WEB",
         url: "http://sysoev.ru/nginx/patch.180065.txt",
      },
      {
         type: "WEB",
         url: "http://www.debian.org/security/2009/dsa-1884",
      },
      {
         type: "WEB",
         url: "http://www.kb.cert.org/vuls/id/180065",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.

Affected packages

-------------------------------------------------------------------
 Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------

1 www-servers/nginx < 0.7.62 >= 0.5.38 >= 0.6.39 >= 0.7.62

Description

Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.

Workaround

There is no known workaround at this time.

Resolution

All nginx 0.5.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38

All nginx 0.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39

All nginx 0.7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62

References

[ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200909-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq

Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629

Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests.

For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.

For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.

We recommend that you upgrade your nginx packages.

Upgrade instructions

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0576",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "linux",
            scope: "eq",
            trust: 1.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 1,
            vendor: "f5",
            version: "0.6.39",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 1,
            vendor: "f5",
            version: "0.5.38",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "10",
         },
         {
            model: "nginx",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "0.6.0",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 1,
            vendor: "f5",
            version: "0.8.15",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "11",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "12",
         },
         {
            model: "nginx",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "0.1.0",
         },
         {
            model: "nginx",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "0.8.0",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 1,
            vendor: "f5",
            version: "0.7.62",
         },
         {
            model: "nginx",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "0.7.0",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "debian gnu linux",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "gentoo linux",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "nginx",
            version: null,
         },
         {
            model: "nginx",
            scope: "lte",
            trust: 0.8,
            vendor: "igor sysoev",
            version: "0.1.0 from  0.5.37",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 0.8,
            vendor: "igor sysoev",
            version: "0.6.39 earlier",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 0.8,
            vendor: "igor sysoev",
            version: "0.7.62 earlier",
         },
         {
            model: "nginx",
            scope: "lt",
            trust: 0.8,
            vendor: "igor sysoev",
            version: "0.8.15 earlier",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.5",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.4",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.8",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.7",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.6",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.9",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.1",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.2",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.3",
         },
         {
            model: "nginx",
            scope: "eq",
            trust: 0.6,
            vendor: "nginx",
            version: "0.1.10",
         },
         {
            model: "sysoev nginx",
            scope: "eq",
            trust: 0.3,
            vendor: "igor",
            version: "0.8.14",
         },
         {
            model: "sysoev nginx",
            scope: "eq",
            trust: 0.3,
            vendor: "igor",
            version: "0.7.61",
         },
         {
            model: "sysoev nginx",
            scope: "eq",
            trust: 0.3,
            vendor: "igor",
            version: "0.6.38",
         },
         {
            model: "sysoev nginx",
            scope: "eq",
            trust: 0.3,
            vendor: "igor",
            version: "0.5.37",
         },
         {
            model: "sysoev nginx",
            scope: "eq",
            trust: 0.3,
            vendor: "igor",
            version: "0",
         },
         {
            model: "linux",
            scope: null,
            trust: 0.3,
            vendor: "gentoo",
            version: null,
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux s/390",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux mipsel",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux mips",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux m68k",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux ia-64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux ia-32",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux hppa",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux armel",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux alpha",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux s/390",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux mipsel",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux mips",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux m68k",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux ia-64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux ia-32",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux hppa",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "linux armel",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "sysoev nginx",
            scope: "ne",
            trust: 0.3,
            vendor: "igor",
            version: "0.8.15",
         },
         {
            model: "sysoev nginx",
            scope: "ne",
            trust: 0.3,
            vendor: "igor",
            version: "0.7.62",
         },
         {
            model: "sysoev nginx",
            scope: "ne",
            trust: 0.3,
            vendor: "igor",
            version: "0.6.39",
         },
         {
            model: "sysoev nginx",
            scope: "ne",
            trust: 0.3,
            vendor: "igor",
            version: "0.5.38",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            db: "BID",
            id: "36384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:igor_sysoev:nginx",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Chris Ries",
      sources: [
         {
            db: "BID",
            id: "36384",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2009-2629",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2009-2629",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "VHN-40075",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2009-2629",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#180065",
                  trust: 0.8,
                  value: "4.22",
               },
               {
                  author: "NVD",
                  id: "CVE-2009-2629",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200909-302",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-40075",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package            /  Vulnerable  /                    Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/nginx      < 0.7.62                        *>= 0.5.38\n                                                            *>= 0.6.39\n                                                             >= 0.7.62\n\nDescription\n===========\n\nChris Ries reported a heap-based buffer underflow in the\nngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\nparsing the request URI. NOTE: By default, nginx runs as the \"nginx\" user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx 0.5.x users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38\n\nAll nginx 0.6.x users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39\n\nAll nginx 0.7.x users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62\n\nReferences\n==========\n\n  [ 1 ] CVE-2009-2629\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200909-18.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1                    security@debian.org\nhttp://www.debian.org/security/                                 Nico Golde\nSeptember 14th, 2009                    http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : nginx\nVulnerability  : buffer underflow\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. \n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2. \n\nFor the testing distribution (squeeze), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3. \n\n\nWe recommend that you upgrade your nginx packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\n    Size/MD5 checksum:   436610 d385a1e7a23020d421531818d5606b5b\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\n    Size/MD5 checksum:     6578 db07ea3610574b7561cbedef09a51bf2\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\n    Size/MD5 checksum:      618 12706d3c92e0c225dd47367aae43115e\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\n    Size/MD5 checksum:   211310 5e7efe11eca1aea2f6611cd913bf519d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\n    Size/MD5 checksum:   195352 3fc58e180fca1465a360f37bad3da7db\n\narm architecture (ARM)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\n    Size/MD5 checksum:   187144 6e49d62ee4efa11f9b75292bcb3be1d7\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\n    Size/MD5 checksum:   205204 7f8f76147eccbf489c900831782806c0\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\n    Size/MD5 checksum:   184912 7dc5e3672666d1b5666f6ce79f4c755b\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\n    Size/MD5 checksum:   278490 669e8d9e43a123367c429ca34927e22a\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\n    Size/MD5 checksum:   208238 2e6f25c4bc053d1bb1ac82bec398624d\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\n    Size/MD5 checksum:   207640 e6b0e0e8148d1786274cf9a4b7f9d060\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\n    Size/MD5 checksum:   186542 5b1460ab8707b1ccb3cf0b75c8ea2548\n\ns390 architecture (IBM S/390)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\n    Size/MD5 checksum:   199720 8ecde48c393df02819c45bc966f73eae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\n    Size/MD5 checksum:   185032 15212749985501b223af7888447fc433\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\n    Size/MD5 checksum:     1238 41197ff9eca3cb3707ca5eff5e431183\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\n    Size/MD5 checksum:    10720 b2c8f555b7de4ac17b2c98247fd2ae6b\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\n    Size/MD5 checksum:   522183 c09a2ace3c91f45dabbb608b11e48ed1\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\n    Size/MD5 checksum:   297782 dc05cbf94712134298acdedad2a4e85d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\n    Size/MD5 checksum:   268518 58dc10022dd7b20ff58a4b839be62a43\n\narm architecture (ARM)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\n    Size/MD5 checksum:   251688 7f5a9499de8ba40ae2caea7de183b966\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\n    Size/MD5 checksum:   282324 f0264b98d0564f51692292c0ec269a19\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\n    Size/MD5 checksum:   253060 a64340fa3a9a5b58e23267f13abfeeed\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\n    Size/MD5 checksum:   420004 a2e6de141194e41a60893b0b2c457f28\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\n    Size/MD5 checksum:   283220 04407318230621467ea3a42bfb11d724\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\n    Size/MD5 checksum:   283444 0bd0eb1e415d7d6877a95e21ddb91fa7\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\n    Size/MD5 checksum:   276056 fae6451ab5ac767f93d3229a9e01f3bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\n    Size/MD5 checksum:   256778 df6a47fe174736468910a4166fe0a064\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\n=Xrul\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "BID",
            id: "36384",
         },
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            db: "PACKETSTORM",
            id: "81454",
         },
         {
            db: "PACKETSTORM",
            id: "81284",
         },
      ],
      trust: 2.88,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-40075",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#180065",
            trust: 3.6,
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
            trust: 3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
            trust: 0.7,
         },
         {
            db: "BID",
            id: "36384",
            trust: 0.4,
         },
         {
            db: "PACKETSTORM",
            id: "81454",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "81284",
            trust: 0.2,
         },
         {
            db: "SEEBUG",
            id: "SSVID-87569",
            trust: 0.1,
         },
         {
            db: "SEEBUG",
            id: "SSVID-69732",
            trust: 0.1,
         },
         {
            db: "EXPLOIT-DB",
            id: "14830",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-40075",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            db: "BID",
            id: "36384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "PACKETSTORM",
            id: "81454",
         },
         {
            db: "PACKETSTORM",
            id: "81284",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   id: "VAR-200909-0576",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T23:06:37.602000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://nginx.net/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1.1,
         },
         {
            problemtype: "CWE-119",
            trust: 0.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.8,
            url: "http://www.kb.cert.org/vuls/id/180065",
         },
         {
            trust: 2.5,
            url: "http://www.debian.org/security/2009/dsa-1884",
         },
         {
            trust: 2,
            url: "http://nginx.net/changes-0.5",
         },
         {
            trust: 2,
            url: "http://nginx.net/changes-0.6",
         },
         {
            trust: 2,
            url: "http://nginx.net/changes-0.7",
         },
         {
            trust: 1.7,
            url: "http://sysoev.ru/nginx/patch.180065.txt",
         },
         {
            trust: 1.7,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html",
         },
         {
            trust: 1.7,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html",
         },
         {
            trust: 1.7,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html",
         },
         {
            trust: 1.4,
            url: "http://nginx.net/changes",
         },
         {
            trust: 0.9,
            url: "http://security.gentoo.org/glsa/glsa-200909-18.xml",
         },
         {
            trust: 0.9,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629",
         },
         {
            trust: 0.8,
            url: "about vulnerability notes",
         },
         {
            trust: 0.8,
            url: "contact us about this vulnerability",
         },
         {
            trust: 0.8,
            url: "provide a vendor statement",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu180065/",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629",
         },
         {
            trust: 0.3,
            url: "http://nginx.org/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-2629",
         },
         {
            trust: 0.1,
            url: "http://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "http://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz",
         },
         {
            trust: 0.1,
            url: "http://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/",
         },
         {
            trust: 0.1,
            url: "http://packages.debian.org/<pkg>",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            db: "BID",
            id: "36384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "PACKETSTORM",
            id: "81454",
         },
         {
            db: "PACKETSTORM",
            id: "81284",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            db: "BID",
            id: "36384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            db: "PACKETSTORM",
            id: "81454",
         },
         {
            db: "PACKETSTORM",
            id: "81284",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-09-15T00:00:00",
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            date: "2009-09-15T00:00:00",
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            date: "2009-09-14T00:00:00",
            db: "BID",
            id: "36384",
         },
         {
            date: "2009-10-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            date: "2009-09-19T16:50:46",
            db: "PACKETSTORM",
            id: "81454",
         },
         {
            date: "2009-09-15T04:05:55",
            db: "PACKETSTORM",
            id: "81284",
         },
         {
            date: "2009-09-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            date: "2009-09-15T22:30:00.233000",
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-09-21T00:00:00",
            db: "CERT/CC",
            id: "VU#180065",
         },
         {
            date: "2021-11-10T00:00:00",
            db: "VULHUB",
            id: "VHN-40075",
         },
         {
            date: "2015-05-07T17:02:00",
            db: "BID",
            id: "36384",
         },
         {
            date: "2009-10-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-002152",
         },
         {
            date: "2023-05-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
         {
            date: "2024-11-21T01:05:20.130000",
            db: "NVD",
            id: "CVE-2009-2629",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "81454",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#180065",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200909-302",
         },
      ],
      trust: 0.6,
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2009-2629

Vulnerability from cvelistv5

gsd-2009-2629

Vulnerability from gsd

fkie_cve-2009-2629

Vulnerability from fkie_nvd

ghsa-f36r-j88j-6j27

Vulnerability from github

var-200909-0576

Vulnerability from variot

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature