ID

VAR-202107-1672


CVE

CVE-2021-3618


TITLE

F5 Networks  of  nginx  Vulnerability related to certificate verification in products of multiple vendors

Trust: 0.8

sources: JVNDB: JVNDB-2021-019676

DESCRIPTION

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. F5 Networks of nginx Products from other vendors contain vulnerabilities related to certificate validation.Information may be obtained and information may be tampered with. (CVE-2020-11724). ========================================================================== Ubuntu Security Notice USN-5371-2 April 28, 2022 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: nginx could be made to redirect network traffic. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. (CVE-2021-3618) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: nginx-core 1.18.0-6ubuntu14.1 nginx-extras 1.18.0-6ubuntu14.1 nginx-light 1.18.0-6ubuntu14.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5371-2 https://ubuntu.com/security/notices/USN-5371-1 CVE-2021-3618 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1

Trust: 2.16

sources: NVD: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:f5model:nginxscope:ltversion:1.21.0

Trust: 1.0

vendor:sendmailmodel:sendmailscope:ltversion:8.17

Trust: 1.0

vendor:vsftpdmodel:vsftpdscope:ltversion:3.0.4

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:vsftpdmodel:vsftpdscope: - version: -

Trust: 0.8

vendor:f5model:nginxscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:sendmail consortiummodel:sendmailscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019676 // NVD: CVE-2021-3618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-3618
value: HIGH

Trust: 1.0

NVD: CVE-2021-3618
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-216
value: HIGH

Trust: 0.6

VULHUB: VHN-395783
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-3618
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-3618
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-395783
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-3618
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-3618
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // CNNVD: CNNVD-202107-216 // NVD: CVE-2021-3618

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:Illegal certificate verification (CWE-295) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-395783 // JVNDB: JVNDB-2021-019676 // NVD: CVE-2021-3618

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 168672 // PACKETSTORM: 174729 // CNNVD: CNNVD-202107-216

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202107-216

PATCH

title:Top Pageurl:https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html

Trust: 0.8

title:nginx Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=155955

Trust: 0.6

title:Ubuntu Security Notice: USN-5371-3: nginx vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-3

Trust: 0.1

title:Debian CVElist Bug Report Logs: nginx: CVE-2021-3618url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ef1074892d0995f0a511641c443018df

Trust: 0.1

title:Ubuntu Security Notice: USN-5371-2: nginx vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-2

Trust: 0.1

title:Ubuntu Security Notice: USN-5371-1: nginx vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-1

Trust: 0.1

title:Amazon Linux 2: ALASNGINX1-2023-002url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASNGINX1-2023-002

Trust: 0.1

title:Red Hat: CVE-2021-3618url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-3618

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-3618 log

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-172url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-172

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-132url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-132

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-171url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-171

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-136url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-136

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-3618

Trust: 0.1

sources: VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // CNNVD: CNNVD-202107-216

EXTERNAL IDS

db:NVDid:CVE-2021-3618

Trust: 3.8

db:PACKETSTORMid:168672

Trust: 0.8

db:JVNDBid:JVNDB-2021-019676

Trust: 0.8

db:PACKETSTORMid:166709

Trust: 0.7

db:PACKETSTORMid:166888

Trust: 0.7

db:AUSCERTid:ESB-2022.6109

Trust: 0.6

db:AUSCERTid:ESB-2022.1628

Trust: 0.6

db:AUSCERTid:ESB-2022.6139

Trust: 0.6

db:CS-HELPid:SB2022042817

Trust: 0.6

db:CS-HELPid:SB2022010906

Trust: 0.6

db:CS-HELPid:SB2022041422

Trust: 0.6

db:CNNVDid:CNNVD-202107-216

Trust: 0.6

db:VULHUBid:VHN-395783

Trust: 0.1

db:VULMONid:CVE-2021-3618

Trust: 0.1

db:PACKETSTORMid:174729

Trust: 0.1

sources: VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729 // CNNVD: CNNVD-202107-216 // NVD: CVE-2021-3618

REFERENCES

url:https://alpaca-attack.com/

Trust: 2.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=1975623

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-3618

Trust: 1.2

url:https://ubuntu.com/security/cve-2021-3618

Trust: 0.6

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329

Trust: 0.6

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328

Trust: 0.6

url:https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a

Trust: 0.6

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010906

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6489853

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041422

Trust: 0.6

url:https://vigilance.fr/vulnerability/nginx-man-in-the-middle-via-the-tls-extension-alpn-35818

Trust: 0.6

url:https://packetstormsecurity.com/files/168672/ubuntu-security-notice-usn-5371-3.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6514817

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-3618/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042817

Trust: 0.6

url:https://packetstormsecurity.com/files/166709/ubuntu-security-notice-usn-5371-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1628

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6109

Trust: 0.6

url:https://packetstormsecurity.com/files/166888/ubuntu-security-notice-usn-5371-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6139

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-36309

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-11724

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5371-1

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5371-3

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-3618

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu11.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5371-2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6379-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/vsftpd/3.0.5-0ubuntu0.20.04.1

Trust: 0.1

sources: VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729 // CNNVD: CNNVD-202107-216 // NVD: CVE-2021-3618

CREDITS

Ubuntu

Trust: 0.4

sources: PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729

SOURCES

db:VULHUBid:VHN-395783
db:VULMONid:CVE-2021-3618
db:JVNDBid:JVNDB-2021-019676
db:PACKETSTORMid:166709
db:PACKETSTORMid:168672
db:PACKETSTORMid:166888
db:PACKETSTORMid:174729
db:CNNVDid:CNNVD-202107-216
db:NVDid:CVE-2021-3618

LAST UPDATE DATE

2024-08-14T12:39:40.605000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-395783date:2023-02-09T00:00:00
db:VULMONid:CVE-2021-3618date:2023-02-09T00:00:00
db:JVNDBid:JVNDB-2021-019676date:2023-08-10T07:42:00
db:CNNVDid:CNNVD-202107-216date:2023-05-19T00:00:00
db:NVDid:CVE-2021-3618date:2023-02-09T02:03:34.457

SOURCES RELEASE DATE

db:VULHUBid:VHN-395783date:2022-03-23T00:00:00
db:VULMONid:CVE-2021-3618date:2022-03-23T00:00:00
db:JVNDBid:JVNDB-2021-019676date:2023-08-10T00:00:00
db:PACKETSTORMid:166709date:2022-04-13T15:03:13
db:PACKETSTORMid:168672date:2022-10-10T16:13:35
db:PACKETSTORMid:166888date:2022-04-28T15:18:16
db:PACKETSTORMid:174729date:2023-09-19T15:23:43
db:CNNVDid:CNNVD-202107-216date:2021-07-05T00:00:00
db:NVDid:CVE-2021-3618date:2022-03-23T20:15:09.833