nginx ngx_http_proxy_module.c Multiple Vulnerabilities

critical Nessus Plugin ID 66672

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its Server response header, the installed version of nginx is 1.1.4 through 1.2.8, 1.3.x, or 1.4.x prior to 1.4.1. It is, therefore, affected by multiple vulnerabilities:

- A stack-based buffer overflow in 'ngx_http_parse.c' may allow a remote attacker to execute arbitrary code or trigger a denial of service condition via a specially crafted HTTP request. This vulnerability only affects versions greater than or equal to 1.3.9 and less than 1.4.1. (CVE-2013-2028)

- A memory disclosure vulnerability in 'ngx_http_parse.c' affects servers that use 'proxy_pass' to untrusted upstream servers. This issue can be triggered by a remote attacker via a specially crafted HTTP request. Failed attempts may result in a denial of service condition. (CVE-2013-2070)

Solution

Either apply the patch manually or upgrade to nginx 1.4.1 / 1.5.0 or later.

See Also

http://nginx.org/en/security_advisories.html

http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html

Plugin Details

Severity: Critical

ID: 66672

File Name: nginx_1_5_0.nasl

Version: 1.20

Type: combined

Agent: unix

Family: Web Servers

Published: 5/29/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-2028

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:nginx:nginx

Required KB Items: installed_sw/nginx

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/7/2013

Vulnerability Publication Date: 5/7/2013

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow)

Reference Information

CVE: CVE-2013-2028, CVE-2013-2070

BID: 59699, 59824