ID

VAR-201404-0682


CVE

CVE-2014-0088


TITLE

nginx of ngx_http_spdy_module Module SPDY Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-002327

DESCRIPTION

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev

Trust: 2.07

sources: NVD: CVE-2014-0088 // JVNDB: JVNDB-2014-002327 // BID: 67507 // VULHUB: VHN-67581 // VULMON: CVE-2014-0088

AFFECTED PRODUCTS

vendor:igor sysoevmodel:nginxscope:eqversion:1.5.10

Trust: 1.4

vendor:f5model:nginxscope:eqversion:1.5.10

Trust: 1.0

vendor:nginxmodel:nginxscope:eqversion:1.5.10

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:1.5.10

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:1.5.11

Trust: 0.3

sources: BID: 67507 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0088
value: HIGH

Trust: 1.0

NVD: CVE-2014-0088
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201404-576
value: HIGH

Trust: 0.6

VULHUB: VHN-67581
value: HIGH

Trust: 0.1

VULMON: CVE-2014-0088
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0088
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-67581
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-67581 // VULMON: CVE-2014-0088 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-67581 // JVNDB: JVNDB-2014-002327 // NVD: CVE-2014-0088

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-576

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201404-576

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002327

PATCH

title:CVE-2014-0088url:http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

Trust: 0.8

title:nginx-1.5.11url:http://123.124.177.30/web/xxk/bdxqById.tag?id=49670

Trust: 0.6

title:nginx-1.5.11url:http://123.124.177.30/web/xxk/bdxqById.tag?id=49669

Trust: 0.6

title:Red Hat: CVE-2014-0088url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-0088

Trust: 0.1

title:usn-searchurl:https://github.com/lukeber4/usn-search

Trust: 0.1

title: - url:https://github.com/aravindb26/new.txt

Trust: 0.1

sources: VULMON: CVE-2014-0088 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576

EXTERNAL IDS

db:NVDid:CVE-2014-0088

Trust: 2.9

db:SECTRACKid:1030150

Trust: 1.8

db:JVNDBid:JVNDB-2014-002327

Trust: 0.8

db:CNNVDid:CNNVD-201404-576

Trust: 0.7

db:BIDid:67507

Trust: 0.4

db:VULHUBid:VHN-67581

Trust: 0.1

db:VULMONid:CVE-2014-0088

Trust: 0.1

sources: VULHUB: VHN-67581 // VULMON: CVE-2014-0088 // BID: 67507 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

REFERENCES

url:http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

Trust: 2.1

url:http://www.securitytracker.com/id/1030150

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0088

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0088

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33959

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-67581 // VULMON: CVE-2014-0088 // BID: 67507 // JVNDB: JVNDB-2014-002327 // CNNVD: CNNVD-201404-576 // NVD: CVE-2014-0088

CREDITS

Lucas Molas

Trust: 0.3

sources: BID: 67507

SOURCES

db:VULHUBid:VHN-67581
db:VULMONid:CVE-2014-0088
db:BIDid:67507
db:JVNDBid:JVNDB-2014-002327
db:CNNVDid:CNNVD-201404-576
db:NVDid:CVE-2014-0088

LAST UPDATE DATE

2024-08-14T15:35:06.266000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-67581date:2021-11-10T00:00:00
db:VULMONid:CVE-2014-0088date:2021-11-10T00:00:00
db:BIDid:67507date:2014-03-04T00:00:00
db:JVNDBid:JVNDB-2014-002327date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-576date:2023-05-15T00:00:00
db:NVDid:CVE-2014-0088date:2021-11-10T15:59:33.673

SOURCES RELEASE DATE

db:VULHUBid:VHN-67581date:2014-04-29T00:00:00
db:VULMONid:CVE-2014-0088date:2014-04-29T00:00:00
db:BIDid:67507date:2014-03-04T00:00:00
db:JVNDBid:JVNDB-2014-002327date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-576date:2014-04-29T00:00:00
db:NVDid:CVE-2014-0088date:2014-04-29T14:38:49.920