[FREEBSD:EFAA4071-B700-11E2-B1B9-F0DEF16C5C1B] nginx -- multiple vulnerabilities
Severity
High
Affected Packages
2
CVEs
2
The nginx project reports:
A stack-based buffer overflow might occur in a worker process
process while handling a specially crafted request, potentially
resulting in arbitrary code execution. [CVE-2013-2028]
A security problem related to CVE-2013-2028 was identified,
affecting some previous nginx versions if proxy_pass to
untrusted upstream HTTP servers is used.
The problem may lead to a denial of service or a disclosure of a
worker process memory on a specially crafted response from an
upstream proxied server. [CVE-2013-2070]
Package | Affected Version |
---|---|
pkg:freebsd/nginx-devel | < 1.5.0 |
pkg:freebsd/nginx | < 1.4.1,1 |
- ID
- FREEBSD:EFAA4071-B700-11E2-B1B9-F0DEF16C5C1B
- Severity
- high
- Severity from
- CVE-2013-2028
- URL
- http://vuxml.freebsd.org/freebsd/efaa4071-b700-11e2-b1b9-f0def16c5c1b.html
- Published
-
2013-05-07T00:00:00
(11 years ago) - Modified
-
2013-05-07T00:00:00
(11 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html | ||
FreeBSD VuXML | http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/nginx-devel | nginx-devel | < 1.5.0 | ||||
Affected | pkg:freebsd/nginx | nginx | < 1.4.1,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |