This update for nginx fixes the following issues :

Security issues fixed :

CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).

CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).

CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).

CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).

CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).

CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2799 advisory.

    - Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of       data request leads to denial of service
    - Resolves: #1744325 - CVE-2019-9513 nginx:1.14/nginx: HTTP/2: flood using       PRIORITY frames resulting in excessive resource consumption

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - nginx before versions 1.15.6 and 1.14.1 has a     vulnerability in the implementation of HTTP/2 that can     allow for excessive memory consumption. This issue     affects nginx compiled with the ngx_http_v2_module (not     compiled by default) if the 'http2' option of the     'listen' directive is used in a configuration     file.(CVE-2018-16843)

  - nginx before versions 1.15.6 and 1.14.1 has a     vulnerability in the implementation of HTTP/2 that can     allow for excessive CPU usage. This issue affects nginx     compiled with the ngx_http_v2_module (not compiled by     default) if the 'http2' option of the 'listen'     directive is used in a configuration     file.(CVE-2018-16844)

  - Some HTTP/2 implementations are vulnerable to resource     loops, potentially leading to a denial of service. The     attacker creates multiple request streams and     continually shuffles the priority of the streams in a     way that causes substantial churn to the priority tree.
    This can consume excess CPU.(CVE-2019-9513)

  - Some HTTP/2 implementations are vulnerable to window     size manipulation and stream prioritization     manipulation, potentially leading to a denial of     service. The attacker requests a large amount of data     from a specified resource over multiple streams. They     manipulate window size and stream priority to force the     server to queue the data in 1-byte chunks. Depending on     how efficiently this data is queued, this can consume     excess CPU, memory, or both.(CVE-2019-9511)

  - Some HTTP/2 implementations are vulnerable to a header     leak, potentially leading to a denial of service. The     attacker sends a stream of headers with a 0-length     header name and 0-length header value, optionally     Huffman encoded into 1-byte or greater headers. Some     implementations allocate memory for these headers and     keep the allocation alive until the session dies. This     can consume excess memory.(CVE-2019-9516)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to it's self reported version, the installed version of Nginx Plus is R8 (built on Open Source version 1.9.9) prior to R18-P1 (built on Open Source version 1.15.10). It is, therefore, affected by multiple denial of service vulnerabilities :

  - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional     conditions. An unauthenticated, remote attacker can exploit this, by manipulating the window size and stream     priority of a large data request, to cause a denial of service condition. (CVE-2019-9511)

  - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional     conditions. An unauthenticated, remote attacker can exploit this, by creating multiple request streams and     continually shuffling the priority of the streams, to cause a denial of service condition. (CVE-2019-9513)

  - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional     conditions. An unauthenticated, remote attacker can exploit this, by sending a stream of headers with a zero length     header name and zero length header value, to cause a denial of service condition. (CVE-2019-9516)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3932 advisory.

    This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services     offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and     includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant     bug fixes and enhancements included in this release.

    Security Fix(es):

    * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to     recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm     (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl:
    Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) *     mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded     request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2:
    read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads     to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive     resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service     (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2746 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

    * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

    * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-d5b2c18fe6 advisory.

  - Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
    The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally     Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and     keep the allocation alive until the session dies. This can consume excess memory. (CVE-2019-9516)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its     TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls     node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method     does not return an error, this object is passed back to the caller as part of a StreamWriteResult     structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other     exploits. (CVE-2020-8265)

  - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP     request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first     header field and ignores the second. This can lead to HTTP Request Smuggling. (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
128544	SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	9/6/2019	12/5/2022	medium
129087	Oracle Linux 8 : nginx:1.14 (ELSA-2019-2799)	Nessus	Oracle Linux Local Security Checks	9/20/2019	11/1/2024	high
129443	EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)	Nessus	Huawei Local Security Checks	9/30/2019	4/22/2024	high
161697	nginx R8 < R18-P1 Multiple Vulnerabilities	Nessus	Web Servers	5/31/2022	10/26/2023	high
131215	RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6 (Important) (RHSA-2019:3932)	Nessus	Red Hat Local Security Checks	11/22/2019	11/7/2024	high
194174	RHEL 7 : rh-nginx112-nginx (RHSA-2019:2746)	Nessus	Red Hat Local Security Checks	4/28/2024	11/6/2024	high
145150	Fedora 32 : 1:nodejs (2021-d5b2c18fe6)	Nessus	Fedora Local Security Checks	1/20/2021	1/29/2024	high

Detections

Analytics

Plugins Search

medium

high

high

high

high

high

high