ID

VAR-201311-0399


CVE

CVE-2013-4547


TITLE

nginx Vulnerabilities that bypass restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2013-005289

DESCRIPTION

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012 Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. The oldstable distribution (squeeze) is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2. For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2013-4547 // JVNDB: JVNDB-2013-005289 // BID: 63814 // VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // PACKETSTORM: 124159 // PACKETSTORM: 124145

AFFECTED PRODUCTS

vendor:susemodel:studio onsitescope:eqversion:1.3

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.2

Trust: 1.0

vendor:susemodel:webyastscope:eqversion:1.3

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.8.41

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.5.6

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:susemodel:lifecycle management serverscope:eqversion:1.3

Trust: 1.0

vendor:f5model:nginxscope:ltversion:1.4.4

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.5.0

Trust: 1.0

vendor:igor sysoevmodel:nginxscope:eqversion:1.5.7

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:1.5.x

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.8.41 to 1.4.3

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.4

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.4.1

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.3

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.5

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.4.2

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.7

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.6

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.9

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.4.0

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.8

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:1.1.17

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.14

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.10

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.9

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.8

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.8.40

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.1.19

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.15

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

sources: BID: 63814 // JVNDB: JVNDB-2013-005289 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4547
value: HIGH

Trust: 1.0

NVD: CVE-2013-4547
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201311-336
value: MEDIUM

Trust: 0.6

VULHUB: VHN-64549
value: HIGH

Trust: 0.1

VULMON: CVE-2013-4547
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4547
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-64549
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // JVNDB: JVNDB-2013-005289 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

PROBLEMTYPE DATA

problemtype:CWE-116

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-64549 // JVNDB: JVNDB-2013-005289 // NVD: CVE-2013-4547

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-336

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201311-336

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005289

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547

PATCH

title:DSA-2802url:http://www.debian.org/security/2013/dsa-2802

Trust: 0.8

title:Top Pageurl:http://nginx.com/

Trust: 0.8

title:SUSE-SU-2013:1895url:http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html

Trust: 0.8

title:openSUSE-SU-2013:1791url:http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html

Trust: 0.8

title:openSUSE-SU-2013:1792url:http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html

Trust: 0.8

title:openSUSE-SU-2013:1745url:http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html

Trust: 0.8

title:nginx-1.5.7url:http://123.124.177.30/web/xxk/bdxqById.tag?id=48998

Trust: 0.6

title:nginx-1.4.4url:http://123.124.177.30/web/xxk/bdxqById.tag?id=48997

Trust: 0.6

title:nginx-1.4.4url:http://123.124.177.30/web/xxk/bdxqById.tag?id=48996

Trust: 0.6

title:nginx-1.4.4url:http://123.124.177.30/web/xxk/bdxqById.tag?id=49035

Trust: 0.6

title:nginx-1.5.7url:http://123.124.177.30/web/xxk/bdxqById.tag?id=48999

Trust: 0.6

title:Debian CVElist Bug Report Logs: nginx: CVE-2013-4547url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f4bb5a4a182af6a4c8ca260ef90a3d69

Trust: 0.1

title:Debian Security Advisories: DSA-2802-1 nginx -- restriction bypassurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0e9f3c319e9988b421581c9d566c73e5

Trust: 0.1

title:Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contextsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=703629f55868e4fc7623e469fe23486b

Trust: 0.1

title:Amazon Linux AMI: ALAS-2013-249url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2013-249

Trust: 0.1

title:DVWA-Noteurl:https://github.com/dhgdhg/DVWA-

Trust: 0.1

title:DVWA-Noteurl:https://github.com/twfb/DVWA-Note

Trust: 0.1

title:DVWA-Noteurl:https://github.com/dhgdhg/DVWA

Trust: 0.1

title:usn-searchurl:https://github.com/lukeber4/usn-search

Trust: 0.1

title:Visionurl:https://github.com/CoolerVoid/Vision

Trust: 0.1

title:Vision2url:https://github.com/CoolerVoid/Vision2

Trust: 0.1

title:woodswikiurl:https://github.com/woods-sega/woodswiki

Trust: 0.1

sources: VULMON: CVE-2013-4547 // JVNDB: JVNDB-2013-005289 // CNNVD: CNNVD-201311-336

EXTERNAL IDS

db:NVDid:CVE-2013-4547

Trust: 3.1

db:SECUNIAid:55825

Trust: 1.8

db:SECUNIAid:55757

Trust: 1.8

db:SECUNIAid:55822

Trust: 1.8

db:JVNDBid:JVNDB-2013-005289

Trust: 0.8

db:CNNVDid:CNNVD-201311-336

Trust: 0.7

db:BIDid:63814

Trust: 0.5

db:PACKETSTORMid:124145

Trust: 0.2

db:PACKETSTORMid:124159

Trust: 0.2

db:EXPLOIT-DBid:38846

Trust: 0.1

db:VULHUBid:VHN-64549

Trust: 0.1

db:EXPLOITDBid:38846

Trust: 0.1

db:VULMONid:CVE-2013-4547

Trust: 0.1

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // BID: 63814 // JVNDB: JVNDB-2013-005289 // PACKETSTORM: 124159 // PACKETSTORM: 124145 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

REFERENCES

url:http://www.debian.org/security/2012/dsa-2802

Trust: 2.4

url:http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html

Trust: 2.1

url:http://secunia.com/advisories/55757

Trust: 1.8

url:http://secunia.com/advisories/55822

Trust: 1.8

url:http://secunia.com/advisories/55825

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547

Trust: 0.8

url:http://nginx.org/download/patch.2013.space.txt

Trust: 0.3

url:http://nginx.org/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671931

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-4547

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/116.html

Trust: 0.1

url:https://github.com/dhgdhg/dvwa-

Trust: 0.1

url:https://www.exploit-db.com/exploits/38846/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/63814

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012

Trust: 0.1

url:https://www.debian.org/security/./dsa-2802

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2013-0349.html

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-64549 // VULMON: CVE-2013-4547 // BID: 63814 // JVNDB: JVNDB-2013-005289 // PACKETSTORM: 124159 // PACKETSTORM: 124145 // CNNVD: CNNVD-201311-336 // NVD: CVE-2013-4547

CREDITS

Ivan Fratric of the Google Security Team

Trust: 0.9

sources: BID: 63814 // CNNVD: CNNVD-201311-336

SOURCES

db:VULHUBid:VHN-64549
db:VULMONid:CVE-2013-4547
db:BIDid:63814
db:JVNDBid:JVNDB-2013-005289
db:PACKETSTORMid:124159
db:PACKETSTORMid:124145
db:CNNVDid:CNNVD-201311-336
db:NVDid:CVE-2013-4547

LAST UPDATE DATE

2024-08-14T13:58:08.484000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-64549date:2021-11-10T00:00:00
db:VULMONid:CVE-2013-4547date:2021-11-10T00:00:00
db:BIDid:63814date:2015-05-07T17:10:00
db:JVNDBid:JVNDB-2013-005289date:2013-12-26T00:00:00
db:CNNVDid:CNNVD-201311-336date:2023-05-15T00:00:00
db:NVDid:CVE-2013-4547date:2021-11-10T15:59:33.657

SOURCES RELEASE DATE

db:VULHUBid:VHN-64549date:2013-11-23T00:00:00
db:VULMONid:CVE-2013-4547date:2013-11-23T00:00:00
db:BIDid:63814date:2013-11-19T00:00:00
db:JVNDBid:JVNDB-2013-005289date:2013-11-27T00:00:00
db:PACKETSTORMid:124159date:2013-11-25T17:07:04
db:PACKETSTORMid:124145date:2013-11-22T21:29:14
db:CNNVDid:CNNVD-201311-336date:2013-11-26T00:00:00
db:NVDid:CVE-2013-4547date:2013-11-23T18:55:04.687