Details of VAR-201311-0399

ID

VAR-201311-0399

CVE

CVE-2013-4547

TITLE

nginx Vulnerabilities that bypass restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2013-005289

DESCRIPTION

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012 Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. The oldstable distribution (squeeze) is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2. For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2013-4547 // JVNDB: JVNDB-2013-005289 // BID: 63814 // VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // PACKETSTORM: 124159 // PACKETSTORM: 124145

AFFECTED PRODUCTS

vendor:	suse	model:	studio onsite	scope:	eq	version:	1.3	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.2	Trust: 1.0
vendor:	suse	model:	webyast	scope:	eq	version:	1.3	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.8.41	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lte	version:	1.5.6	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.4	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	suse	model:	lifecycle management server	scope:	eq	version:	1.3	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	1.4.4	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	1.5.0	Trust: 1.0
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.5.7	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	lt	version:	1.5.x	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	0.8.41 to 1.4.3	Trust: 0.8
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.4	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.4.1	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.3	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.5	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.4.2	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.7	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.6	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.9	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.4.0	Trust: 0.6
vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.3.8	Trust: 0.6
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.1.17	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.0.14	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.0.10	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.0.9	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.8.40	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.1.19	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.0.15	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 63814 // JVNDB: JVNDB-2013-005289 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4547
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4547
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201311-336
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-64549
value:	HIGH
Trust: 0.1
VULMON:	CVE-2013-4547
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-4547
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-64549
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // JVNDB: JVNDB-2013-005289 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

PROBLEMTYPE DATA

problemtype:	CWE-116	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-64549 // JVNDB: JVNDB-2013-005289 // NVD: CVE-2013-4547

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-336

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201311-336

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005289

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547

PATCH

title:	DSA-2802	url:	http://www.debian.org/security/2013/dsa-2802	Trust: 0.8
title:	Top Page	url:	http://nginx.com/	Trust: 0.8
title:	SUSE-SU-2013:1895	url:	http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html	Trust: 0.8
title:	openSUSE-SU-2013:1791	url:	http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html	Trust: 0.8
title:	openSUSE-SU-2013:1792	url:	http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html	Trust: 0.8
title:	openSUSE-SU-2013:1745	url:	http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html	Trust: 0.8
title:	nginx-1.5.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=48998	Trust: 0.6
title:	nginx-1.4.4	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=48997	Trust: 0.6
title:	nginx-1.4.4	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=48996	Trust: 0.6
title:	nginx-1.4.4	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=49035	Trust: 0.6
title:	nginx-1.5.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=48999	Trust: 0.6
title:	Debian CVElist Bug Report Logs: nginx: CVE-2013-4547	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f4bb5a4a182af6a4c8ca260ef90a3d69	Trust: 0.1
title:	Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0e9f3c319e9988b421581c9d566c73e5	Trust: 0.1
title:	Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=703629f55868e4fc7623e469fe23486b	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2013-249	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2013-249	Trust: 0.1
title:	DVWA-Note	url:	https://github.com/dhgdhg/DVWA-	Trust: 0.1
title:	DVWA-Note	url:	https://github.com/twfb/DVWA-Note	Trust: 0.1
title:	DVWA-Note	url:	https://github.com/dhgdhg/DVWA	Trust: 0.1
title:	usn-search	url:	https://github.com/lukeber4/usn-search	Trust: 0.1
title:	Vision	url:	https://github.com/CoolerVoid/Vision	Trust: 0.1
title:	Vision2	url:	https://github.com/CoolerVoid/Vision2	Trust: 0.1
title:	woodswiki	url:	https://github.com/woods-sega/woodswiki	Trust: 0.1

sources: VULMON: CVE-2013-4547 // JVNDB: JVNDB-2013-005289 // CNNVD: CNNVD-201311-336

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4547	Trust: 3.1
db:	SECUNIA	id:	55825	Trust: 1.8
db:	SECUNIA	id:	55757	Trust: 1.8
db:	SECUNIA	id:	55822	Trust: 1.8
db:	JVNDB	id:	JVNDB-2013-005289	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-336	Trust: 0.7
db:	BID	id:	63814	Trust: 0.5
db:	PACKETSTORM	id:	124145	Trust: 0.2
db:	PACKETSTORM	id:	124159	Trust: 0.2
db:	EXPLOIT-DB	id:	38846	Trust: 0.1
db:	VULHUB	id:	VHN-64549	Trust: 0.1
db:	EXPLOITDB	id:	38846	Trust: 0.1
db:	VULMON	id:	CVE-2013-4547	Trust: 0.1

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // BID: 63814 // JVNDB: JVNDB-2013-005289 // PACKETSTORM: 124159 // PACKETSTORM: 124145 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

REFERENCES

url:	http://www.debian.org/security/2012/dsa-2802	Trust: 2.4
url:	http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html	Trust: 2.1
url:	http://secunia.com/advisories/55757	Trust: 1.8
url:	http://secunia.com/advisories/55822	Trust: 1.8
url:	http://secunia.com/advisories/55825	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547	Trust: 0.8
url:	http://nginx.org/download/patch.2013.space.txt	Trust: 0.3
url:	http://nginx.org/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671931	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4547	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/116.html	Trust: 0.1
url:	https://github.com/dhgdhg/dvwa-	Trust: 0.1
url:	https://www.exploit-db.com/exploits/38846/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/63814	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012	Trust: 0.1
url:	https://www.debian.org/security/./dsa-2802	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	http://advisories.mageia.org/mgasa-2013-0349.html	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1

CREDITS

Ivan Fratric of the Google Security Team

Trust: 0.9

sources: BID: 63814 // CNNVD: CNNVD-201311-336

SOURCES

db:	VULHUB	id:	VHN-64549
db:	VULMON	id:	CVE-2013-4547
db:	BID	id:	63814
db:	JVNDB	id:	JVNDB-2013-005289
db:	PACKETSTORM	id:	124159
db:	PACKETSTORM	id:	124145
db:	CNNVD	id:	CNNVD-201311-336
db:	NVD	id:	CVE-2013-4547

LAST UPDATE DATE

2024-08-14T13:58:08.484000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-64549	date:	2021-11-10T00:00:00
db:	VULMON	id:	CVE-2013-4547	date:	2021-11-10T00:00:00
db:	BID	id:	63814	date:	2015-05-07T17:10:00
db:	JVNDB	id:	JVNDB-2013-005289	date:	2013-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201311-336	date:	2023-05-15T00:00:00
db:	NVD	id:	CVE-2013-4547	date:	2021-11-10T15:59:33.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-64549	date:	2013-11-23T00:00:00
db:	VULMON	id:	CVE-2013-4547	date:	2013-11-23T00:00:00
db:	BID	id:	63814	date:	2013-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-005289	date:	2013-11-27T00:00:00
db:	PACKETSTORM	id:	124159	date:	2013-11-25T17:07:04
db:	PACKETSTORM	id:	124145	date:	2013-11-22T21:29:14
db:	CNNVD	id:	CNNVD-201311-336	date:	2013-11-26T00:00:00
db:	NVD	id:	CVE-2013-4547	date:	2013-11-23T18:55:04.687