Debian Nginx vulnerabilities

CVE-2014-3556 [MEDIUM] CVE-2014-3556: nginx - The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in... The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext comm

CVE-2014-0133 [HIGH] CVE-2014-0133: nginx - Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4... Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Scope: local bookworm: resolved (fixed in 1.4.7-1) bullseye: resolved (fixed in 1.4.7-1) forky: resolved (fixed in 1.4.7-1) sid: resolved (fixed in 1.4.7-1) trixie: resolved (fixed in 1.4.7-1)

CVE-2014-0088 [HIGH] CVE-2014-0088: nginx - The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 befor... The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2013-4547 [HIGH] CVE-2013-4547: nginx - nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to byp... nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Scope: local bookworm: resolved (fixed in 1.4.4-1) bullseye: resolved (fixed in 1.4.4-1) forky: resolved (fixed in 1.4.4-1) sid: resolved (fixed in 1.4.4-1) trixie: resolved (fixed in 1.4.4-1)

CVE-2013-2070 [HIGH] CVE-2013-2070: nginx - http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 thro... http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Scope: local bookworm: resolved (fi

CVE-2013-2028 [HIGH] CVE-2013-2028: nginx - The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 thro... The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. Scope: local bookworm: resolved bullseye: resolved

CVE-2013-0337 [HIGH] CVE-2013-0337: nginx - The default configuration of nginx, possibly 1.3.13 and earlier, uses world-read... The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2012-1180 [MEDIUM] CVE-2012-1180: nginx - Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allo... Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Scope: local bookworm: resolved (fixed in 1.1.17-1) bullseye: resolved (fixed in 1.1.17-1) forky: resolved (fixed in 1.1.17-1) sid: resolved (fix

CVE-2012-2089 [MEDIUM] CVE-2012-2089: nginx - Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in ng... Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. Scope: local bookworm: resolved (fixed in 1.1.19-1) bullseye: resolved (fixe

CVE-2012-3380 [LOW] CVE-2012-3380: nginx - Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module ... Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.2.1-2) bullseye: resolved (fixed in 1.2.1-2) forky: resolved (fixed in 1.2.1-2) sid: resolved (fixed in 1.2.1-2) trixie: resolved (fixed in 1.2.1-2)

CVE-2012-4929 [LOW] CVE-2012-4929: apache2 - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt,... The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potenti

CVE-2011-4968 [MEDIUM] CVE-2011-4968: nginx - nginx http proxy module does not verify peer identity of https origin server whi... nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) Scope: local bookworm: resolved (fixed in 1.9.1-1) bullseye: resolved (fixed in 1.9.1-1) forky: resolved (fixed in 1.9.1-1) sid: resolved (fixed in 1.9.1-1) trixie: resolved (fixed in 1.9.1-1)

CVE-2011-4315 [MEDIUM] CVE-2011-4315: nginx - Heap-based buffer overflow in compression-pointer processing in core/ngx_resolve... Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. Scope: local bookworm: resolved (fixed in 1.1.8-1) bullseye: resolved (fixed in 1.1.8-1) forky: resolved (fixed in 1.1.8-1) sid: res

CVE-2011-4963 [MEDIUM] CVE-2011-4963: nginx - nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers ... nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2010-2266 [MEDIUM] CVE-2010-2266: nginx - nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via ce... nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2010-2263 [MEDIUM] CVE-2010-2263: nginx - nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows r... nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2009-2629 [HIGH] CVE-2009-2629: nginx - Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6... Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Scope: local bookworm: resolved (fixed in 0.7.61-3) bullseye: resolved (fixed in 0.7.61-3) forky: resolved (fixed in 0.7.61-3) sid: resolved (fixed in 0

CVE-2009-3555 [MEDIUM] CVE-2009-3555: apache2 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Micr... The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate reneg

CVE-2009-3896 [MEDIUM] CVE-2009-3896: nginx - src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x be... src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. Scope: local bookworm: resolved (fixed in 0.7.62-1) bullseye: resolved (fixed in 0.7.62-1)

CVE-2009-4487 [MEDIUM] CVE-2009-4487: nginx - nginx 0.7.64 writes data to a log file without sanitizing non-printable characte... nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open