Details of VAR-201404-0682

ID

VAR-201404-0682

CVE

CVE-2014-0088

TITLE

nginx of ngx_http_spdy_module Module SPDY Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-002327

DESCRIPTION

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev

Trust: 2.07

sources: NVD: CVE-2014-0088 // JVNDB: JVNDB-2014-002327 // BID: 67507 // VULHUB: VHN-67581 // VULMON: CVE-2014-0088

AFFECTED PRODUCTS

vendor:	igor sysoev	model:	nginx	scope:	eq	version:	1.5.10	Trust: 1.4
vendor:	f5	model:	nginx	scope:	eq	version:	1.5.10	Trust: 1.0
vendor:	nginx	model:	nginx	scope:	eq	version:	1.5.10	Trust: 0.6
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	1.5.10	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	ne	version:	1.5.11	Trust: 0.3

sources: BID: 67507 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0088
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0088
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201404-576
value:	HIGH
Trust: 0.6
VULHUB:	VHN-67581
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-0088
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0088
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-67581
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-67581 // VULMON: CVE-2014-0088 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-67581 // JVNDB: JVNDB-2014-002327 // NVD: CVE-2014-0088

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-576

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201404-576

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002327

PATCH

title:	CVE-2014-0088	url:	http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html	Trust: 0.8
title:	nginx-1.5.11	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=49670	Trust: 0.6
title:	nginx-1.5.11	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=49669	Trust: 0.6
title:	Red Hat: CVE-2014-0088	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-0088	Trust: 0.1
title:	usn-search	url:	https://github.com/lukeber4/usn-search	Trust: 0.1
title:	-	url:	https://github.com/aravindb26/new.txt	Trust: 0.1

sources: VULMON: CVE-2014-0088 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0088	Trust: 2.9
db:	SECTRACK	id:	1030150	Trust: 1.8
db:	JVNDB	id:	JVNDB-2014-002327	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-576	Trust: 0.7
db:	BID	id:	67507	Trust: 0.4
db:	VULHUB	id:	VHN-67581	Trust: 0.1
db:	VULMON	id:	CVE-2014-0088	Trust: 0.1

sources: VULHUB: VHN-67581 // VULMON: CVE-2014-0088 // BID: 67507 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

REFERENCES

url:	http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html	Trust: 2.1
url:	http://www.securitytracker.com/id/1030150	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0088	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0088	Trust: 0.8
url:	http://nginx.org/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33959	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-67581 // VULMON: CVE-2014-0088 // BID: 67507 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

CREDITS

Lucas Molas

Trust: 0.3

sources: BID: 67507

SOURCES

db:	VULHUB	id:	VHN-67581
db:	VULMON	id:	CVE-2014-0088
db:	BID	id:	67507
db:	JVNDB	id:	JVNDB-2014-002327
db:	CNNVD	id:	CNNVD-201404-576
db:	NVD	id:	CVE-2014-0088

LAST UPDATE DATE

2024-08-14T15:35:06.266000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-67581	date:	2021-11-10T00:00:00
db:	VULMON	id:	CVE-2014-0088	date:	2021-11-10T00:00:00
db:	BID	id:	67507	date:	2014-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2014-002327	date:	2014-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201404-576	date:	2023-05-15T00:00:00
db:	NVD	id:	CVE-2014-0088	date:	2021-11-10T15:59:33.673

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-67581	date:	2014-04-29T00:00:00
db:	VULMON	id:	CVE-2014-0088	date:	2014-04-29T00:00:00
db:	BID	id:	67507	date:	2014-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2014-002327	date:	2014-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201404-576	date:	2014-04-29T00:00:00
db:	NVD	id:	CVE-2014-0088	date:	2014-04-29T14:38:49.920