Details of VAR-200909-0576

ID

VAR-200909-0576

CVE

CVE-2009-2629

TITLE

Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

Trust: 0.8

sources: CERT/CC: VU#180065

DESCRIPTION

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 0.7.62 *>= 0.5.38 *>= 0.6.39 >= 0.7.62 Description =========== Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx 0.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38 All nginx 0.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39 All nginx 0.7.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62 References ========== [ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200909-18.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629 Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2. For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3. We recommend that you upgrade your nginx packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2009-2629 // CERT/CC: VU#180065 // JVNDB: JVNDB-2009-002152 // BID: 36384 // VULHUB: VHN-40075 // PACKETSTORM: 81454 // PACKETSTORM: 81284

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 1.3
vendor:	f5	model:	nginx	scope:	gte	version:	0.8.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	0.8.15	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	0.6.39	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.6.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	11	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	0.7.62	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	12	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	10	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.7.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	0.5.38	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.1.0	Trust: 1.0
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nginx	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	lte	version:	0.1.0 from 0.5.37	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	lt	version:	0.6.39 earlier	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	lt	version:	0.7.62 earlier	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	lt	version:	0.8.15 earlier	Trust: 0.8
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.5	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.4	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.8	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.7	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.6	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.9	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.1	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.2	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.3	Trust: 0.6
vendor:	nginx	model:	nginx	scope:	eq	version:	0.1.10	Trust: 0.6
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.8.14	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.7.61	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.6.38	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.5.37	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	ne	version:	0.8.15	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	ne	version:	0.7.62	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	ne	version:	0.6.39	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	ne	version:	0.5.38	Trust: 0.3

sources: CERT/CC: VU#180065 // BID: 36384 // JVNDB: JVNDB-2009-002152 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2629
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#180065
value:	4.22
Trust: 0.8
NVD:	CVE-2009-2629
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200909-302
value:	HIGH
Trust: 0.6
VULHUB:	VHN-40075
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-2629
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-40075
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#180065 // VULHUB: VHN-40075 // JVNDB: JVNDB-2009-002152 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-40075 // JVNDB: JVNDB-2009-002152 // NVD: CVE-2009-2629

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 81454 // CNNVD: CNNVD-200909-302

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200909-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002152

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-40075

PATCH

title:

Top Page

url:

http://nginx.net/

Trust: 0.8

sources: JVNDB: JVNDB-2009-002152

EXTERNAL IDS

db:	CERT/CC	id:	VU#180065	Trust: 3.6
db:	NVD	id:	CVE-2009-2629	Trust: 3.0
db:	JVNDB	id:	JVNDB-2009-002152	Trust: 0.8
db:	CNNVD	id:	CNNVD-200909-302	Trust: 0.7
db:	BID	id:	36384	Trust: 0.4
db:	PACKETSTORM	id:	81454	Trust: 0.2
db:	PACKETSTORM	id:	81284	Trust: 0.2
db:	SEEBUG	id:	SSVID-87569	Trust: 0.1
db:	SEEBUG	id:	SSVID-69732	Trust: 0.1
db:	EXPLOIT-DB	id:	14830	Trust: 0.1
db:	VULHUB	id:	VHN-40075	Trust: 0.1

sources: CERT/CC: VU#180065 // VULHUB: VHN-40075 // BID: 36384 // JVNDB: JVNDB-2009-002152 // PACKETSTORM: 81454 // PACKETSTORM: 81284 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

REFERENCES

url:	http://www.kb.cert.org/vuls/id/180065	Trust: 2.8
url:	http://www.debian.org/security/2009/dsa-1884	Trust: 2.5
url:	http://nginx.net/changes-0.5	Trust: 2.0
url:	http://nginx.net/changes-0.6	Trust: 2.0
url:	http://nginx.net/changes-0.7	Trust: 2.0
url:	http://sysoev.ru/nginx/patch.180065.txt	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html	Trust: 1.7
url:	http://nginx.net/changes	Trust: 1.4
url:	http://security.gentoo.org/glsa/glsa-200909-18.xml	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629	Trust: 0.9
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu180065/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629	Trust: 0.8
url:	http://nginx.org/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2629	Trust: 0.2
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/	Trust: 0.1
url:	http://packages.debian.org/<pkg>	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb	Trust: 0.1

CREDITS

Chris Ries

Trust: 0.9

sources: BID: 36384 // CNNVD: CNNVD-200909-302

SOURCES

db:	CERT/CC	id:	VU#180065
db:	VULHUB	id:	VHN-40075
db:	BID	id:	36384
db:	JVNDB	id:	JVNDB-2009-002152
db:	PACKETSTORM	id:	81454
db:	PACKETSTORM	id:	81284
db:	CNNVD	id:	CNNVD-200909-302
db:	NVD	id:	CVE-2009-2629

LAST UPDATE DATE

2024-08-14T15:14:24.921000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#180065	date:	2009-09-21T00:00:00
db:	VULHUB	id:	VHN-40075	date:	2021-11-10T00:00:00
db:	BID	id:	36384	date:	2015-05-07T17:02:00
db:	JVNDB	id:	JVNDB-2009-002152	date:	2009-10-28T00:00:00
db:	CNNVD	id:	CNNVD-200909-302	date:	2023-05-15T00:00:00
db:	NVD	id:	CVE-2009-2629	date:	2021-11-10T15:52:54.030

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#180065	date:	2009-09-15T00:00:00
db:	VULHUB	id:	VHN-40075	date:	2009-09-15T00:00:00
db:	BID	id:	36384	date:	2009-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2009-002152	date:	2009-10-28T00:00:00
db:	PACKETSTORM	id:	81454	date:	2009-09-19T16:50:46
db:	PACKETSTORM	id:	81284	date:	2009-09-15T04:05:55
db:	CNNVD	id:	CNNVD-200909-302	date:	2009-09-15T00:00:00
db:	NVD	id:	CVE-2009-2629	date:	2009-09-15T22:30:00.233