nginx 1.5.10 SPDY Memory Corruption

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a memory corruption

Description :

According to the self-reported version in the server response header,
the installed nginx version is 1.5.10. It is, therefore, affected by a
memory corruption vulnerability.

A flaw exists in the SPDY module implementation that could allow
worker process memory to be corrupted via a specially crafted request.
This could allow a remote attacker to execute arbitrary code.

Note that Nessus has not tested for this issue or otherwise determined
if a patch is applied but has instead relied only on the
application's self-reported version number.

Solution :

Apply the patch manually or upgrade to nginx 1.5.11 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.4
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 73894

Bugtraq ID: 67507

CVE ID: CVE-2014-0088
