Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7529 (GCVE-0-2017-7529)
Vulnerability from cvelistv5
Published
2017-07-13 13:00
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nginx",
"vendor": "nginx",
"versions": [
{
"status": "affected",
"version": "0.5.6 - 1.13.2"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T23:07:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-7529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nginx",
"version": {
"version_data": [
{
"version_value": "0.5.6 - 1.13.2"
}
]
}
}
]
},
"vendor_name": "nginx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039238"
},
{
"name": "https://puppet.com/security/cve/cve-2017-7529",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7529",
"datePublished": "2017-07-13T13:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-09-16T18:39:56.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-7529\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-07-13T13:29:00.220\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.\"},{\"lang\":\"es\",\"value\":\"Las versiones desde la 0.5.6 hasta 1.13.2 incluy\u00e9ndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el m\u00f3dulo filtro de rango de nginx, resultando en un filtrado de informaci\u00f3n potencialmente confidencial activada por una petici\u00f3n especialmente creada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.5.6\",\"versionEndIncluding\":\"1.12.1\",\"matchCriteriaId\":\"D19034A4-1211-4A40-A2D3-2A9F87770081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndIncluding\":\"1.13.2\",\"matchCriteriaId\":\"BA59CB1C-4A69-4593-9D22-9B45FCA70490\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2016.4.7\",\"matchCriteriaId\":\"B7ABD977-A333-473B-806D-32ECD7909B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2017.1.0\",\"versionEndIncluding\":\"2017.1.1\",\"matchCriteriaId\":\"15CC6F3C-8DA8-4CE0-8E9A-057A0F55DEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2017.2.1\",\"versionEndIncluding\":\"2017.2.3\",\"matchCriteriaId\":\"38CBF065-5219-463A-9677-86088D761584\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0\",\"matchCriteriaId\":\"BB279F6B-EE4C-4885-9CD4-657F6BD2548F\"}]}]}],\"references\":[{\"url\":\"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/36\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99534\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039238\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2538\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppet.com/security/cve/cve-2017-7529\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212818\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppet.com/security/cve/cve-2017-7529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
opensuse-su-2018:0813-1
Vulnerability from csaf_opensuse
Published
2018-03-26 10:15
Modified
2018-03-26 10:15
Summary
Security update for nginx
Notes
Title of the patch
Security update for nginx
Description of the patch
This update for nginx to version 1.13.9 fixes the following issues:
- CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265)
This update also contains all updates and improvements in 1.13.9 upstream release.
Patchnames
openSUSE-2018-310
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nginx",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nginx to version 1.13.9 fixes the following issues:\n\n- CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265)\n\nThis update also contains all updates and improvements in 1.13.9 upstream release.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-310",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0813-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1048265",
"url": "https://bugzilla.suse.com/1048265"
},
{
"category": "self",
"summary": "SUSE Bug 1057831",
"url": "https://bugzilla.suse.com/1057831"
},
{
"category": "self",
"summary": "SUSE Bug 1059685",
"url": "https://bugzilla.suse.com/1059685"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7529 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7529/"
}
],
"title": "Security update for nginx",
"tracking": {
"current_release_date": "2018-03-26T10:15:33Z",
"generator": {
"date": "2018-03-26T10:15:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:0813-1",
"initial_release_date": "2018-03-26T10:15:33Z",
"revision_history": [
{
"date": "2018-03-26T10:15:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.13.9-12.1.aarch64",
"product": {
"name": "nginx-1.13.9-12.1.aarch64",
"product_id": "nginx-1.13.9-12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-plugin-nginx-1.13.9-12.1.noarch",
"product": {
"name": "vim-plugin-nginx-1.13.9-12.1.noarch",
"product_id": "vim-plugin-nginx-1.13.9-12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.13.9-12.1.ppc64le",
"product": {
"name": "nginx-1.13.9-12.1.ppc64le",
"product_id": "nginx-1.13.9-12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.13.9-12.1.s390x",
"product": {
"name": "nginx-1.13.9-12.1.s390x",
"product_id": "nginx-1.13.9-12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.13.9-12.1.x86_64",
"product": {
"name": "nginx-1.13.9-12.1.x86_64",
"product_id": "nginx-1.13.9-12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.13.9-12.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64"
},
"product_reference": "nginx-1.13.9-12.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.13.9-12.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le"
},
"product_reference": "nginx-1.13.9-12.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.13.9-12.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:nginx-1.13.9-12.1.s390x"
},
"product_reference": "nginx-1.13.9-12.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.13.9-12.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64"
},
"product_reference": "nginx-1.13.9-12.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-plugin-nginx-1.13.9-12.1.noarch as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch"
},
"product_reference": "vim-plugin-nginx-1.13.9-12.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7529"
}
],
"notes": [
{
"category": "general",
"text": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64",
"SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le",
"SUSE Package Hub 12:nginx-1.13.9-12.1.s390x",
"SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64",
"SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7529",
"url": "https://www.suse.com/security/cve/CVE-2017-7529"
},
{
"category": "external",
"summary": "SUSE Bug 1048265 for CVE-2017-7529",
"url": "https://bugzilla.suse.com/1048265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64",
"SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le",
"SUSE Package Hub 12:nginx-1.13.9-12.1.s390x",
"SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64",
"SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64",
"SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le",
"SUSE Package Hub 12:nginx-1.13.9-12.1.s390x",
"SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64",
"SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-26T10:15:33Z",
"details": "important"
}
],
"title": "CVE-2017-7529"
}
]
}
opensuse-su-2024:11341-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media
Notes
Title of the patch
ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media
Description of the patch
These are all security issues fixed in the ruby2.7-rubygem-passenger-6.0.8-3.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11341
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.7-rubygem-passenger-6.0.8-3.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11341",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11341-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-2119 page",
"url": "https://www.suse.com/security/cve/CVE-2013-2119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4547 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1831 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1832 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7519 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1247 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7529 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12026 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12029 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12029/"
}
],
"title": "ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11341-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"product": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"product_id": "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"product": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"product_id": "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-6.0.8-3.2.aarch64",
"product": {
"name": "rubygem-passenger-6.0.8-3.2.aarch64",
"product_id": "rubygem-passenger-6.0.8-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"product": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"product_id": "rubygem-passenger-apache2-6.0.8-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"product": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"product_id": "rubygem-passenger-nginx-6.0.8-3.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"product": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"product_id": "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"product": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"product_id": "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-6.0.8-3.2.ppc64le",
"product": {
"name": "rubygem-passenger-6.0.8-3.2.ppc64le",
"product_id": "rubygem-passenger-6.0.8-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"product": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"product_id": "rubygem-passenger-apache2-6.0.8-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"product": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"product_id": "rubygem-passenger-nginx-6.0.8-3.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"product": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"product_id": "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"product": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"product_id": "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-6.0.8-3.2.s390x",
"product": {
"name": "rubygem-passenger-6.0.8-3.2.s390x",
"product_id": "rubygem-passenger-6.0.8-3.2.s390x"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-apache2-6.0.8-3.2.s390x",
"product": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.s390x",
"product_id": "rubygem-passenger-apache2-6.0.8-3.2.s390x"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-nginx-6.0.8-3.2.s390x",
"product": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.s390x",
"product_id": "rubygem-passenger-nginx-6.0.8-3.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"product": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"product_id": "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"product": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"product_id": "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-6.0.8-3.2.x86_64",
"product": {
"name": "rubygem-passenger-6.0.8-3.2.x86_64",
"product_id": "rubygem-passenger-6.0.8-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"product": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"product_id": "rubygem-passenger-apache2-6.0.8-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "rubygem-passenger-nginx-6.0.8-3.2.x86_64",
"product": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.x86_64",
"product_id": "rubygem-passenger-nginx-6.0.8-3.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64"
},
"product_reference": "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le"
},
"product_reference": "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x"
},
"product_reference": "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64"
},
"product_reference": "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64"
},
"product_reference": "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le"
},
"product_reference": "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x"
},
"product_reference": "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64"
},
"product_reference": "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64"
},
"product_reference": "rubygem-passenger-6.0.8-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le"
},
"product_reference": "rubygem-passenger-6.0.8-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-6.0.8-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x"
},
"product_reference": "rubygem-passenger-6.0.8-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64"
},
"product_reference": "rubygem-passenger-6.0.8-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64"
},
"product_reference": "rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le"
},
"product_reference": "rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x"
},
"product_reference": "rubygem-passenger-apache2-6.0.8-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-apache2-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64"
},
"product_reference": "rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64"
},
"product_reference": "rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le"
},
"product_reference": "rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x"
},
"product_reference": "rubygem-passenger-nginx-6.0.8-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-passenger-nginx-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
},
"product_reference": "rubygem-passenger-nginx-6.0.8-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-2119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-2119"
}
],
"notes": [
{
"category": "general",
"text": "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-2119",
"url": "https://www.suse.com/security/cve/CVE-2013-2119"
},
{
"category": "external",
"summary": "SUSE Bug 828005 for CVE-2013-2119",
"url": "https://bugzilla.suse.com/828005"
},
{
"category": "external",
"summary": "SUSE Bug 919726 for CVE-2013-2119",
"url": "https://bugzilla.suse.com/919726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-2119"
},
{
"cve": "CVE-2013-4547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4547"
}
],
"notes": [
{
"category": "general",
"text": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4547",
"url": "https://www.suse.com/security/cve/CVE-2013-4547"
},
{
"category": "external",
"summary": "SUSE Bug 851295 for CVE-2013-4547",
"url": "https://bugzilla.suse.com/851295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2013-4547"
},
{
"cve": "CVE-2014-1831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1831"
}
],
"notes": [
{
"category": "general",
"text": "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1831",
"url": "https://www.suse.com/security/cve/CVE-2014-1831"
},
{
"category": "external",
"summary": "SUSE Bug 860994 for CVE-2014-1831",
"url": "https://bugzilla.suse.com/860994"
},
{
"category": "external",
"summary": "SUSE Bug 864352 for CVE-2014-1831",
"url": "https://bugzilla.suse.com/864352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1831"
},
{
"cve": "CVE-2014-1832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1832"
}
],
"notes": [
{
"category": "general",
"text": "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1832",
"url": "https://www.suse.com/security/cve/CVE-2014-1832"
},
{
"category": "external",
"summary": "SUSE Bug 860994 for CVE-2014-1832",
"url": "https://bugzilla.suse.com/860994"
},
{
"category": "external",
"summary": "SUSE Bug 864352 for CVE-2014-1832",
"url": "https://bugzilla.suse.com/864352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1832"
},
{
"cve": "CVE-2015-7519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7519"
}
],
"notes": [
{
"category": "general",
"text": "agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7519",
"url": "https://www.suse.com/security/cve/CVE-2015-7519"
},
{
"category": "external",
"summary": "SUSE Bug 956281 for CVE-2015-7519",
"url": "https://bugzilla.suse.com/956281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7519"
},
{
"cve": "CVE-2016-1247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1247"
}
],
"notes": [
{
"category": "general",
"text": "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1247",
"url": "https://www.suse.com/security/cve/CVE-2016-1247"
},
{
"category": "external",
"summary": "SUSE Bug 1007000 for CVE-2016-1247",
"url": "https://bugzilla.suse.com/1007000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1247"
},
{
"cve": "CVE-2017-7529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7529"
}
],
"notes": [
{
"category": "general",
"text": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7529",
"url": "https://www.suse.com/security/cve/CVE-2017-7529"
},
{
"category": "external",
"summary": "SUSE Bug 1048265 for CVE-2017-7529",
"url": "https://bugzilla.suse.com/1048265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7529"
},
{
"cve": "CVE-2018-12026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12026"
}
],
"notes": [
{
"category": "general",
"text": "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12026",
"url": "https://www.suse.com/security/cve/CVE-2018-12026"
},
{
"category": "external",
"summary": "SUSE Bug 1097655 for CVE-2018-12026",
"url": "https://bugzilla.suse.com/1097655"
},
{
"category": "external",
"summary": "SUSE Bug 1097663 for CVE-2018-12026",
"url": "https://bugzilla.suse.com/1097663"
},
{
"category": "external",
"summary": "SUSE Bug 1097664 for CVE-2018-12026",
"url": "https://bugzilla.suse.com/1097664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-12026"
},
{
"cve": "CVE-2018-12029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12029"
}
],
"notes": [
{
"category": "general",
"text": "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root\u0027s crontab file allows privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12029",
"url": "https://www.suse.com/security/cve/CVE-2018-12029"
},
{
"category": "external",
"summary": "SUSE Bug 1097655 for CVE-2018-12029",
"url": "https://bugzilla.suse.com/1097655"
},
{
"category": "external",
"summary": "SUSE Bug 1097663 for CVE-2018-12029",
"url": "https://bugzilla.suse.com/1097663"
},
{
"category": "external",
"summary": "SUSE Bug 1097664 for CVE-2018-12029",
"url": "https://bugzilla.suse.com/1097664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x",
"openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12029"
}
]
}
opensuse-su-2024:11092-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
nginx-1.21.3-1.4 on GA media
Notes
Title of the patch
nginx-1.21.3-1.4 on GA media
Description of the patch
These are all security issues fixed in the nginx-1.21.3-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11092
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "nginx-1.21.3-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the nginx-1.21.3-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11092",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11092-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7529 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16843 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16845 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20372 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23017 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23017/"
}
],
"title": "nginx-1.21.3-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11092-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.3-1.4.aarch64",
"product": {
"name": "nginx-1.21.3-1.4.aarch64",
"product_id": "nginx-1.21.3-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "nginx-source-1.21.3-1.4.aarch64",
"product": {
"name": "nginx-source-1.21.3-1.4.aarch64",
"product_id": "nginx-source-1.21.3-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "vim-plugin-nginx-1.21.3-1.4.aarch64",
"product": {
"name": "vim-plugin-nginx-1.21.3-1.4.aarch64",
"product_id": "vim-plugin-nginx-1.21.3-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.3-1.4.ppc64le",
"product": {
"name": "nginx-1.21.3-1.4.ppc64le",
"product_id": "nginx-1.21.3-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "nginx-source-1.21.3-1.4.ppc64le",
"product": {
"name": "nginx-source-1.21.3-1.4.ppc64le",
"product_id": "nginx-source-1.21.3-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-plugin-nginx-1.21.3-1.4.ppc64le",
"product": {
"name": "vim-plugin-nginx-1.21.3-1.4.ppc64le",
"product_id": "vim-plugin-nginx-1.21.3-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.3-1.4.s390x",
"product": {
"name": "nginx-1.21.3-1.4.s390x",
"product_id": "nginx-1.21.3-1.4.s390x"
}
},
{
"category": "product_version",
"name": "nginx-source-1.21.3-1.4.s390x",
"product": {
"name": "nginx-source-1.21.3-1.4.s390x",
"product_id": "nginx-source-1.21.3-1.4.s390x"
}
},
{
"category": "product_version",
"name": "vim-plugin-nginx-1.21.3-1.4.s390x",
"product": {
"name": "vim-plugin-nginx-1.21.3-1.4.s390x",
"product_id": "vim-plugin-nginx-1.21.3-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.3-1.4.x86_64",
"product": {
"name": "nginx-1.21.3-1.4.x86_64",
"product_id": "nginx-1.21.3-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "nginx-source-1.21.3-1.4.x86_64",
"product": {
"name": "nginx-source-1.21.3-1.4.x86_64",
"product_id": "nginx-source-1.21.3-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "vim-plugin-nginx-1.21.3-1.4.x86_64",
"product": {
"name": "vim-plugin-nginx-1.21.3-1.4.x86_64",
"product_id": "vim-plugin-nginx-1.21.3-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.3-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64"
},
"product_reference": "nginx-1.21.3-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.3-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le"
},
"product_reference": "nginx-1.21.3-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.3-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x"
},
"product_reference": "nginx-1.21.3-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.3-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64"
},
"product_reference": "nginx-1.21.3-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.3-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64"
},
"product_reference": "nginx-source-1.21.3-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.3-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le"
},
"product_reference": "nginx-source-1.21.3-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.3-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x"
},
"product_reference": "nginx-source-1.21.3-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.3-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64"
},
"product_reference": "nginx-source-1.21.3-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-plugin-nginx-1.21.3-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64"
},
"product_reference": "vim-plugin-nginx-1.21.3-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-plugin-nginx-1.21.3-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le"
},
"product_reference": "vim-plugin-nginx-1.21.3-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-plugin-nginx-1.21.3-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x"
},
"product_reference": "vim-plugin-nginx-1.21.3-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-plugin-nginx-1.21.3-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
},
"product_reference": "vim-plugin-nginx-1.21.3-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7529"
}
],
"notes": [
{
"category": "general",
"text": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7529",
"url": "https://www.suse.com/security/cve/CVE-2017-7529"
},
{
"category": "external",
"summary": "SUSE Bug 1048265 for CVE-2017-7529",
"url": "https://bugzilla.suse.com/1048265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7529"
},
{
"cve": "CVE-2018-16843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16843"
}
],
"notes": [
{
"category": "general",
"text": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16843",
"url": "https://www.suse.com/security/cve/CVE-2018-16843"
},
{
"category": "external",
"summary": "SUSE Bug 1115022 for CVE-2018-16843",
"url": "https://bugzilla.suse.com/1115022"
},
{
"category": "external",
"summary": "SUSE Bug 1115025 for CVE-2018-16843",
"url": "https://bugzilla.suse.com/1115025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16843"
},
{
"cve": "CVE-2018-16845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16845"
}
],
"notes": [
{
"category": "general",
"text": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16845",
"url": "https://www.suse.com/security/cve/CVE-2018-16845"
},
{
"category": "external",
"summary": "SUSE Bug 1115015 for CVE-2018-16845",
"url": "https://bugzilla.suse.com/1115015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16845"
},
{
"cve": "CVE-2019-20372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20372"
}
],
"notes": [
{
"category": "general",
"text": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20372",
"url": "https://www.suse.com/security/cve/CVE-2019-20372"
},
{
"category": "external",
"summary": "SUSE Bug 1160682 for CVE-2019-20372",
"url": "https://bugzilla.suse.com/1160682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20372"
},
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2021-23017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23017"
}
],
"notes": [
{
"category": "general",
"text": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23017",
"url": "https://www.suse.com/security/cve/CVE-2021-23017"
},
{
"category": "external",
"summary": "SUSE Bug 1186126 for CVE-2021-23017",
"url": "https://bugzilla.suse.com/1186126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x",
"openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23017"
}
]
}
rhsa-2017:2538
Vulnerability from csaf_redhat
Published
2017-08-28 21:59
Modified
2025-08-04 11:57
Summary
Red Hat Security Advisory: rh-nginx110-nginx security update
Notes
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
Security Fix(es):
* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-nginx110-nginx is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.\n\nSecurity Fix(es):\n\n* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2538",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1468584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468584"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2538.json"
}
],
"title": "Red Hat Security Advisory: rh-nginx110-nginx security update",
"tracking": {
"current_release_date": "2025-08-04T11:57:47+00:00",
"generator": {
"date": "2025-08-04T11:57:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:2538",
"initial_release_date": "2017-08-28T21:59:32+00:00",
"revision_history": [
{
"date": "2017-08-28T21:59:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-08-28T21:59:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:57:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"product_id": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"product": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"product_id": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.src",
"product": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.src",
"product_id": "rh-nginx110-nginx-1:1.10.2-8.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.src",
"product": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.src",
"product_id": "rh-nginx110-nginx-1:1.10.2-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64"
},
"product_reference": "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Nginx project"
]
}
],
"cve": "CVE-2017-7529",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2017-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1468584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: Integer overflow in nginx range filter module leading to memory disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7529"
},
{
"category": "external",
"summary": "RHBZ#1468584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529"
},
{
"category": "external",
"summary": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-28T21:59:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64",
"6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64",
"7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nginx: Integer overflow in nginx range filter module leading to memory disclosure"
}
]
}
fkie_cve-2017-7529
Vulnerability from fkie_nvd
Published
2017-07-13 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | Vendor Advisory | |
| secalert@redhat.com | http://seclists.org/fulldisclosure/2021/Sep/36 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/99534 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1039238 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2538 | Third Party Advisory | |
| secalert@redhat.com | https://puppet.com/security/cve/cve-2017-7529 | Third Party Advisory | |
| secalert@redhat.com | https://support.apple.com/kb/HT212818 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Sep/36 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99534 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039238 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2538 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://puppet.com/security/cve/cve-2017-7529 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT212818 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | nginx | * | |
| f5 | nginx | * | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * | |
| apple | xcode | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19034A4-1211-4A40-A2D3-2A9F87770081",
"versionEndIncluding": "1.12.1",
"versionStartIncluding": "0.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA59CB1C-4A69-4593-9D22-9B45FCA70490",
"versionEndIncluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ABD977-A333-473B-806D-32ECD7909B35",
"versionEndExcluding": "2016.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CC6F3C-8DA8-4CE0-8E9A-057A0F55DEE4",
"versionEndIncluding": "2017.1.1",
"versionStartIncluding": "2017.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38CBF065-5219-463A-9677-86088D761584",
"versionEndIncluding": "2017.2.3",
"versionStartIncluding": "2017.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB279F6B-EE4C-4885-9CD4-657F6BD2548F",
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
},
{
"lang": "es",
"value": "Las versiones desde la 0.5.6 hasta 1.13.2 incluy\u00e9ndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el m\u00f3dulo filtro de rango de nginx, resultando en un filtrado de informaci\u00f3n potencialmente confidencial activada por una petici\u00f3n especialmente creada."
}
],
"id": "CVE-2017-7529",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-13T13:29:00.220",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
suse-su-2017:2387-1
Vulnerability from csaf_suse
Published
2017-09-07 14:38
Modified
2017-09-07 14:38
Summary
Security update for nginx-1.0
Notes
Title of the patch
Security update for nginx-1.0
Description of the patch
This update for NGINX fixes the following issues:
Security issue fixed:
- CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure. (bsc#1048265)
Patchnames
sleslms13-nginx-1.0-13271,slestso13-nginx-1.0-13271,slewyst13-nginx-1.0-13271
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nginx-1.0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for NGINX fixes the following issues:\n\nSecurity issue fixed:\n- CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure. (bsc#1048265)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleslms13-nginx-1.0-13271,slestso13-nginx-1.0-13271,slewyst13-nginx-1.0-13271",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2387-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2387-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172387-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2387-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003192.html"
},
{
"category": "self",
"summary": "SUSE Bug 1048265",
"url": "https://bugzilla.suse.com/1048265"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7529 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7529/"
}
],
"title": "Security update for nginx-1.0",
"tracking": {
"current_release_date": "2017-09-07T14:38:39Z",
"generator": {
"date": "2017-09-07T14:38:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2387-1",
"initial_release_date": "2017-09-07T14:38:39Z",
"revision_history": [
{
"date": "2017-09-07T14:38:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.0-1.0.15-0.35.3.1.i586",
"product": {
"name": "nginx-1.0-1.0.15-0.35.3.1.i586",
"product_id": "nginx-1.0-1.0.15-0.35.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.0-1.0.15-0.35.3.1.ia64",
"product": {
"name": "nginx-1.0-1.0.15-0.35.3.1.ia64",
"product_id": "nginx-1.0-1.0.15-0.35.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.0-1.0.15-0.35.3.1.ppc64",
"product": {
"name": "nginx-1.0-1.0.15-0.35.3.1.ppc64",
"product_id": "nginx-1.0-1.0.15-0.35.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.0-1.0.15-0.35.3.1.s390x",
"product": {
"name": "nginx-1.0-1.0.15-0.35.3.1.s390x",
"product_id": "nginx-1.0-1.0.15-0.35.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.0-1.0.15-0.35.3.1.x86_64",
"product": {
"name": "nginx-1.0-1.0.15-0.35.3.1.x86_64",
"product_id": "nginx-1.0-1.0.15-0.35.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE WebYast 1.3",
"product": {
"name": "SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:webyast:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.i586 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.i586",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.ia64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.ia64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.ppc64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.ppc64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.s390x as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.s390x",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.0-1.0.15-0.35.3.1.x86_64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64"
},
"product_reference": "nginx-1.0-1.0.15-0.35.3.1.x86_64",
"relates_to_product_reference": "SUSE WebYast 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7529"
}
],
"notes": [
{
"category": "general",
"text": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64",
"SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7529",
"url": "https://www.suse.com/security/cve/CVE-2017-7529"
},
{
"category": "external",
"summary": "SUSE Bug 1048265 for CVE-2017-7529",
"url": "https://bugzilla.suse.com/1048265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64",
"SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64",
"SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x",
"SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-07T14:38:39Z",
"details": "important"
}
],
"title": "CVE-2017-7529"
}
]
}
ghsa-85mj-h68w-w736
Vulnerability from github
Published
2022-05-13 01:04
Modified
2022-05-13 01:04
Severity ?
VLAI Severity ?
Details
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
{
"affected": [],
"aliases": [
"CVE-2017-7529"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-13T13:29:00Z",
"severity": "HIGH"
},
"details": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"id": "GHSA-85mj-h68w-w736",
"modified": "2022-05-13T01:04:15Z",
"published": "2022-05-13T01:04:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"type": "WEB",
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212818"
},
{
"type": "WEB",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99534"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039238"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
gsd-2017-7529
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-7529",
"description": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"id": "GSD-2017-7529",
"references": [
"https://www.suse.com/security/cve/CVE-2017-7529.html",
"https://www.debian.org/security/2017/dsa-3908",
"https://access.redhat.com/errata/RHSA-2017:2538",
"https://ubuntu.com/security/CVE-2017-7529",
"https://advisories.mageia.org/CVE-2017-7529.html",
"https://security.archlinux.org/CVE-2017-7529",
"https://alas.aws.amazon.com/cve/html/CVE-2017-7529.html",
"https://linux.oracle.com/cve/CVE-2017-7529.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-7529"
],
"details": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"id": "GSD-2017-7529",
"modified": "2023-12-13T01:21:06.911859Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-7529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nginx",
"version": {
"version_data": [
{
"version_value": "0.5.6 - 1.13.2"
}
]
}
}
]
},
"vendor_name": "nginx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039238"
},
{
"name": "https://puppet.com/security/cve/cve-2017-7529",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.1",
"versionStartIncluding": "0.5.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017.1.1",
"versionStartIncluding": "2017.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017.2.3",
"versionStartIncluding": "2017.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7529"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "99534",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"name": "https://puppet.com/security/cve/cve-2017-7529",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"name": "RHSA-2017:2538",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-24T16:46Z",
"publishedDate": "2017-07-13T13:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…