F5 Nginx vulnerabilities

65 known vulnerabilities affecting f5/nginx.

Total CVEs: 65
CISA KEV: 1 (actively exploited)
Public exploits: 11
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 29, MEDIUM 29, LOW 2

Vulnerabilities

Page 4 of 4
CVE-2009-4487 | MEDIUM | CVSS 6.8 | PoC | v0.7.64 | 2010-01-13
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Sources: nvd

CVE-2009-3896 | MEDIUM | CVSS 5.0 | CWE-119 | v0.1.0, v0.1.1 +280 more | 2009-11-24
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
Sources: nvd, osv

CVE-2009-3898 | MEDIUM | CVSS 4.9 | CWE-22 | PoC | ≤ 0.7.62, v0.1.0 +282 more | 2009-11-24
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
Sources: nvd, osv

CVE-2009-3555 | MEDIUM | CVSS 5.8 | CWE-295 | PoC | ≥ 0.1.0, ≤ 0.8.22 | 2009-11-09
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly
Sources: nvd, osv

CVE-2009-2629 | HIGH | CVSS 7.5 | CWE-787 | PoC | ≥ 0.1.0, < 0.5.38; ≥ 0.6.0, < 0.6.39; +2 more | 2009-09-15
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
Sources: nvd, osv

F5 Nginx vulnerabilities | cvebase