ID

VAR-200911-0310


CVE

CVE-2009-3896


TITLE

Denial-of-service (DoS) vulnerability in src/http/ngx_http_parse.c in nginx

Trust: 0.8

sources: JVNDB: JVNDB-2009-005107

DESCRIPTION

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201203-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: nginx: Multiple vulnerabilities
     Date: March 28, 2012
     Bugs: #293785, #293786, #293788, #389319, #408367
       ID: 201203-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.

Background
==========

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/nginx             < 1.0.14                 >= 1.0.14

Description
===========

Multiple vulnerabilities have been found in nginx:

* The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
* The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
* nginx does not properly sanitize user input for the WebDAV COPY or MOVE methods (CVE-2009-3898).
* The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
* nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).

Impact
======

A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nginx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"

References
==========

[ 1 ] CVE-2009-3555
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2009-3896
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896
[ 3 ] CVE-2009-3898
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898
[ 4 ] CVE-2011-4315
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315
[ 5 ] CVE-2012-1180
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201203-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

----------------------------------------------------------------------

TITLE:
Gentoo update for nginx

SECUNIA ADVISORY ID:
SA48577

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48577/

RELEASE DATE:
2012-03-28

DESCRIPTION:
Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.

For more information:
SA36751
SA36818
SA37291
SA46798
SA48366

SOLUTION:
Update to "www-servers/nginx-1.0.14" or later.

ORIGINAL ADVISORY:
GLSA 201203-22:
http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml

Trust: 2.16

sources: NVD: CVE-2009-3896 // JVNDB: JVNDB-2009-005107 // BID: 36839 // VULHUB: VHN-41342 // PACKETSTORM: 111273 // PACKETSTORM: 111263

AFFECTED PRODUCTS

vendor:f5model:nginxscope:eqversion:0.8.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.44

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.50

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.48

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.43

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.52

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.60

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.44

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.42

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.50

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.55

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.40

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.52

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.45

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.43

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.42

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.53

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.44

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.47

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.48

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.60

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.53

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.42

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.55

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.49

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.49

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.57

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.46

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.51

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.45

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.40

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.45

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.41

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.58

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.54

Trust: 1.0

vendor:nginxmodel:nginxscope:eqversion:0.6.1516

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.57

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.39

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.46

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.54

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.59

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.58

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.40

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.41

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.61

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.56

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.43

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.41

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.39

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.59

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.61

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.39

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.47

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.51

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.56

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.6

Trust: 1.0

vendor:igor sysoevmodel:nginxscope:eqversion:0.8.14

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.1.0 to 0.4.14

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.6.x

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.7.x

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.8.x

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.6.39

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.5.x

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.5.38

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.7.62

Trust: 0.8

vendor:nginxmodel:nginxscope:eqversion:0.3.49

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.10

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.5

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.13

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.48

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.46

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.47

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.12

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.50

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.3.11

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:0.7.61

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.6.38

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.6.32

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.6

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.5.37

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.5

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.4.14

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.4.13

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.4

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

sources: BID: 36839 // JVNDB: JVNDB-2009-005107 // CNNVD: CNNVD-200911-243 // NVD: CVE-2009-3896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3896
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3896
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200911-243
value: MEDIUM

Trust: 0.6

VULHUB: VHN-41342
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3896
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-41342
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-41342 // JVNDB: JVNDB-2009-005107 // CNNVD: CNNVD-200911-243 // NVD: CVE-2009-3896

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-41342 // JVNDB: JVNDB-2009-005107 // NVD: CVE-2009-3896

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200911-243

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200911-243

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005107

PATCH

title:Top Pageurl:http://nginx.org/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005107

EXTERNAL IDS

db:NVDid:CVE-2009-3896

Trust: 2.9

db:BIDid:36839

Trust: 2.0

db:SECUNIAid:48577

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2009/11/20/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/20/6

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/23/10

Trust: 1.7

db:JVNDBid:JVNDB-2009-005107

Trust: 0.8

db:CNNVDid:CNNVD-200911-243

Trust: 0.7

db:SEEBUGid:SSVID-87573

Trust: 0.1

db:VULHUBid:VHN-41342

Trust: 0.1

db:PACKETSTORMid:111273

Trust: 0.1

db:PACKETSTORMid:111263

Trust: 0.1

sources: VULHUB: VHN-41342 // BID: 36839 // JVNDB: JVNDB-2009-005107 // PACKETSTORM: 111273 // PACKETSTORM: 111263 // CNNVD: CNNVD-200911-243 // NVD: CVE-2009-3896

REFERENCES

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035

Trust: 2.0

url:http://security.gentoo.org/glsa/glsa-201203-22.xml

Trust: 1.8

url:http://www.securityfocus.com/bid/36839

Trust: 1.7

url:http://secunia.com/advisories/48577

Trust: 1.7

url:http://www.debian.org/security/2009/dsa-1920

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/20/6

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/20/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/23/10

Trust: 1.7

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz

Trust: 1.7

url:http://sysoev.ru/nginx/patch.null.pointer.txt

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=539565

Trust: 1.7

url:http://marc.info/?l=nginx&m=125692080328141&w=2

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3896

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3896

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:http://marc.info/?l=nginx&m=125692080328141&w=2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3896

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4315

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1180

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48577

Trust: 0.1

url:http://secunia.com/advisories/48577/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/48577/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-41342 // BID: 36839 // JVNDB: JVNDB-2009-005107 // PACKETSTORM: 111273 // PACKETSTORM: 111263 // CNNVD: CNNVD-200911-243 // NVD: CVE-2009-3896

CREDITS

Jasson Bell

Trust: 0.9

sources: BID: 36839 // CNNVD: CNNVD-200911-243

SOURCES

db:VULHUBid:VHN-41342
db:BIDid:36839
db:JVNDBid:JVNDB-2009-005107
db:PACKETSTORMid:111273
db:PACKETSTORMid:111263
db:CNNVDid:CNNVD-200911-243
db:NVDid:CVE-2009-3896

LAST UPDATE DATE

2024-08-14T12:54:46.262000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-41342date:2021-11-10T00:00:00
db:BIDid:36839date:2015-04-13T20:25:00
db:JVNDBid:JVNDB-2009-005107date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200911-243date:2023-05-15T00:00:00
db:NVDid:CVE-2009-3896date:2021-11-10T15:52:55.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-41342date:2009-11-24T00:00:00
db:BIDid:36839date:2009-10-27T00:00:00
db:JVNDBid:JVNDB-2009-005107date:2012-09-25T00:00:00
db:PACKETSTORMid:111273date:2012-03-29T02:37:12
db:PACKETSTORMid:111263date:2012-03-28T06:36:19
db:CNNVDid:CNNVD-200911-243date:2009-10-27T00:00:00
db:NVDid:CVE-2009-3896date:2009-11-24T17:30:00.377