var-201811-0986
Vulnerability from variot

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.

For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.

We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018

nginx vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in nginx.

Software Description: - nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)

Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)

It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1

Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2

Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3

Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2018:3681-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3681 Issue date: 2018-11-27 CVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 ==================================================================== 1. Summary:

An update for rh-nginx114-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).

Red Hat would like to thank the Nginx project for reporting these issues.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx114-nginx service must be restarted for this update to take effect.

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm

aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm

aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-16843 https://access.redhat.com/security/cve/CVE-2018-16844 https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb VvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO SEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w nIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW J793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ oaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM ScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY 3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st fXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn JeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl IyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i vpRowVLRFpwoP7 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-09-20-4 Xcode 13

Xcode 13 addresses the following issues.

IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372

Installation note:

Xcode 13 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "Xcode 13"

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0986",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.14.1"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.15.0"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.15.6"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.9.5"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "nginx",
        "version": "1.0.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "nginx",
        "version": "1.0.8"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "nginx",
        "version": "1.0.7"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.14.1"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.15.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.0.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.0.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.0.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "software collections for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.15.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.14"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.13.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.12.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.11.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.11.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.11"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.10.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.10.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.10"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.9.15"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.9.10"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.9.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.9.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.8.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.8"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.7.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.6.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.13"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.4.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.16"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.15"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.14"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.11"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.2.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.18"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.17"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.6.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.6.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.8"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.11"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.10"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.5.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.4.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.4.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.4.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.4.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.8"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.13"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.10"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.3.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.2.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.8"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.19"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.16"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.15"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.14"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.13"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.11"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.10"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.1.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.0.15"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.0.14"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.0.13"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.0.12"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.0.10"
      },
      {
        "model": "nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.15.6"
      },
      {
        "model": "nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "nginx",
        "version": "1.14.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:igor_sysoev:nginx",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)",
    "sources": [
      {
        "db": "BID",
        "id": "105868"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-16844",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-16844",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-127244",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-16844",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-16844",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-16844",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16844",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2018-16844",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-16844",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-120",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-127244",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-16844",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory\nconsumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  nginx-common                    1.15.5-0ubuntu2.1\n  nginx-core                      1.15.5-0ubuntu2.1\n  nginx-extras                    1.15.5-0ubuntu2.1\n  nginx-full                      1.15.5-0ubuntu2.1\n  nginx-light                     1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n  nginx-common                    1.14.0-0ubuntu1.2\n  nginx-core                      1.14.0-0ubuntu1.2\n  nginx-extras                    1.14.0-0ubuntu1.2\n  nginx-full                      1.14.0-0ubuntu1.2\n  nginx-light                     1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n  nginx-common                    1.10.3-0ubuntu0.16.04.3\n  nginx-core                      1.10.3-0ubuntu0.16.04.3\n  nginx-extras                    1.10.3-0ubuntu0.16.04.3\n  nginx-full                      1.10.3-0ubuntu0.16.04.3\n  nginx-light                     1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n  nginx-common                    1.4.6-1ubuntu3.9\n  nginx-core                      1.4.6-1ubuntu3.9\n  nginx-extras                    1.4.6-1ubuntu3.9\n  nginx-full                      1.4.6-1ubuntu3.9\n  nginx-light                     1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-nginx114-nginx security update\nAdvisory ID:       RHSA-2018:3681-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:3681\nIssue date:        2018-11-27\nCVE Names:         CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16844\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb\nVvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO\nSEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w\nnIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW\nJ793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ\noaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM\nScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY\n3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st\nfXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn\nJeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl\nIyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i\nvpRowVLRFpwoP7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "BID",
        "id": "105868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "db": "PACKETSTORM",
        "id": "150253"
      },
      {
        "db": "PACKETSTORM",
        "id": "150214"
      },
      {
        "db": "PACKETSTORM",
        "id": "150480"
      },
      {
        "db": "PACKETSTORM",
        "id": "150481"
      },
      {
        "db": "PACKETSTORM",
        "id": "164240"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16844",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "105868",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1042038",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164240",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3384",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0451",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3157",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042571",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-127244",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16844",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150253",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150480",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150481",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "db": "BID",
        "id": "105868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "PACKETSTORM",
        "id": "150253"
      },
      {
        "db": "PACKETSTORM",
        "id": "150214"
      },
      {
        "db": "PACKETSTORM",
        "id": "150480"
      },
      {
        "db": "PACKETSTORM",
        "id": "150481"
      },
      {
        "db": "PACKETSTORM",
        "id": "164240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "id": "VAR-201811-0986",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:51:22.194000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-4335",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2018/dsa-4335"
      },
      {
        "title": "USN-3812-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3812-1/"
      },
      {
        "title": "CVE-2018-16843, CVE-2018-16844",
        "trust": 0.8,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
      },
      {
        "title": "Nginx Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=86627"
      },
      {
        "title": "Red Hat: Important: rh-nginx114-nginx security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183681 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: rh-nginx112-nginx security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183680 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: nginx vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3812-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347"
      },
      {
        "title": "Red Hat: CVE-2018-16844",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-16844"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2018-1125",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1125"
      },
      {
        "title": "anitazhaochen.github.io",
        "trust": 0.1,
        "url": "https://github.com/anitazhaochen/anitazhaochen.github.io "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844"
      },
      {
        "trust": 2.0,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
      },
      {
        "trust": 2.0,
        "url": "https://usn.ubuntu.com/3812-1/"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:3680"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:3681"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105868"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht212818"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2018/dsa-4335"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/sep/36"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1042038"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16844"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75522"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212818"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2018-16843"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2018-16844"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2018-16845"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/"
      },
      {
        "trust": 0.3,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nginx"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3812-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212818."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "db": "BID",
        "id": "105868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "PACKETSTORM",
        "id": "150253"
      },
      {
        "db": "PACKETSTORM",
        "id": "150214"
      },
      {
        "db": "PACKETSTORM",
        "id": "150480"
      },
      {
        "db": "PACKETSTORM",
        "id": "150481"
      },
      {
        "db": "PACKETSTORM",
        "id": "164240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "db": "BID",
        "id": "105868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "db": "PACKETSTORM",
        "id": "150253"
      },
      {
        "db": "PACKETSTORM",
        "id": "150214"
      },
      {
        "db": "PACKETSTORM",
        "id": "150480"
      },
      {
        "db": "PACKETSTORM",
        "id": "150481"
      },
      {
        "db": "PACKETSTORM",
        "id": "164240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "date": "2018-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "date": "2018-11-06T00:00:00",
        "db": "BID",
        "id": "105868"
      },
      {
        "date": "2019-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "date": "2018-11-12T16:57:53",
        "db": "PACKETSTORM",
        "id": "150253"
      },
      {
        "date": "2018-11-07T17:35:27",
        "db": "PACKETSTORM",
        "id": "150214"
      },
      {
        "date": "2018-11-27T17:24:35",
        "db": "PACKETSTORM",
        "id": "150480"
      },
      {
        "date": "2018-11-27T17:24:48",
        "db": "PACKETSTORM",
        "id": "150481"
      },
      {
        "date": "2021-09-22T16:28:58",
        "db": "PACKETSTORM",
        "id": "164240"
      },
      {
        "date": "2018-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "date": "2018-11-07T14:29:00.837000",
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-127244"
      },
      {
        "date": "2022-02-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-16844"
      },
      {
        "date": "2018-11-06T00:00:00",
        "db": "BID",
        "id": "105868"
      },
      {
        "date": "2019-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      },
      {
        "date": "2024-11-21T03:53:25.810000",
        "db": "NVD",
        "id": "CVE-2018-16844"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx Vulnerable to resource exhaustion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011776"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-120"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.