var-201811-0986
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx contains a resource exhaustion vulnerability that may put the service into a denial-of-service (DoS) state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages.
Ubuntu Security Notice USN-3812-1
November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10:
- nginx-common 1.15.5-0ubuntu2.1
- nginx-core 1.15.5-0ubuntu2.1
- nginx-extras 1.15.5-0ubuntu2.1
- nginx-full 1.15.5-0ubuntu2.1
- nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS:
- nginx-common 1.14.0-0ubuntu1.2
- nginx-core 1.14.0-0ubuntu1.2
- nginx-extras 1.14.0-0ubuntu1.2
- nginx-full 1.14.0-0ubuntu1.2
- nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS:
- nginx-common 1.10.3-0ubuntu0.16.04.3
- nginx-core 1.10.3-0ubuntu0.16.04.3
- nginx-extras 1.10.3-0ubuntu0.16.04.3
- nginx-full 1.10.3-0ubuntu0.16.04.3
- nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS:
- nginx-common 1.4.6-1ubuntu3.9
- nginx-core 1.4.6-1ubuntu3.9
- nginx-extras 1.4.6-1ubuntu3.9
- nginx-full 1.4.6-1ubuntu3.9
- nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes.
Red Hat Security Advisory
Synopsis: Important: rh-nginx114-nginx security update
Advisory ID: RHSA-2018:3681-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3681
Issue date: 2018-11-27
CVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
1. Summary:
An update for rh-nginx114-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx114-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843
https://access.redhat.com/security/cve/CVE-2018-16844
https://access.redhat.com/security/cve/CVE-2018-16845
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0986",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.14.1"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.15.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.15.6"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.0.7"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.14.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.15.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.0.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.0.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.15.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.13.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.15.6"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.14.1"
}
],
"sources": [
{
"db": "BID",
"id": "105868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)",
"sources": [
{
"db": "BID",
"id": "105868"
}
],
"trust": 0.3
},
"cve": "CVE-2018-16844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-16844",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-127244",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16844",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16844",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16844",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16844",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-16844",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-16844",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-120",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-127244",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-16844",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127244"
},
{
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory\nconsumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. 
This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx114-nginx security update\nAdvisory ID: RHSA-2018:3681-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3681\nIssue date: 2018-11-27\nCVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. 
A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16844\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. 
\nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "VULHUB",
"id": "VHN-127244"
},
{
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16844",
"trust": 3.4
},
{
"db": "BID",
"id": "105868",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1042038",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0451",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042571",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-127244",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16844",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150253",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150480",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150481",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127244"
},
{
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"id": "VAR-201811-0986",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127244"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:51:22.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4335",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4335"
},
{
"title": "USN-3812-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3812-1/"
},
{
"title": "CVE-2018-16843, CVE-2018-16844",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
},
{
"title": "Nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=86627"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183681 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183680 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3812-1"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347"
},
{
"title": "Red Hat: CVE-2018-16844",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-16844"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1125",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1125"
},
{
"title": "anitazhaochen.github.io",
"trust": 0.1,
"url": "https://github.com/anitazhaochen/anitazhaochen.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127244"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844"
},
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
},
{
"trust": 2.0,
"url": "https://usn.ubuntu.com/3812-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3680"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3681"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105868"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4335"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1042038"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16844"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75522"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042571"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-16843"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-16844"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-16845"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nginx"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3812-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127244"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127244"
},
{
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-127244"
},
{
"date": "2018-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105868"
},
{
"date": "2019-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"date": "2018-11-12T16:57:53",
"db": "PACKETSTORM",
"id": "150253"
},
{
"date": "2018-11-07T17:35:27",
"db": "PACKETSTORM",
"id": "150214"
},
{
"date": "2018-11-27T17:24:35",
"db": "PACKETSTORM",
"id": "150480"
},
{
"date": "2018-11-27T17:24:48",
"db": "PACKETSTORM",
"id": "150481"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2018-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"date": "2018-11-07T14:29:00.837000",
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-127244"
},
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16844"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105868"
},
{
"date": "2019-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011776"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-120"
},
{
"date": "2024-11-21T03:53:25.810000",
"db": "NVD",
"id": "CVE-2018-16844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "150214"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011776"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-120"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.