Mercurial > hg > nginx-site
annotate xml/en/security_advisories.xml @ 2265:0f10454093df
Updated with Netcraft October 2018 Web Server Survey stats.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 31 Oct 2018 15:42:03 +0300 |
parents | cf8d95bfcf72 |
children | 3fa4584907b8 |
rev | line source |
---|---|
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
1 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
2 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
3 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
4 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
5 |
50 | 6 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
8 <article name="nginx security advisories" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 link="/en/security_advisories.html" |
589 | 10 lang="en" |
11 rev="1"> | |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
12 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
13 <section> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <para> |
457
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
16 All nginx security issues should be reported to |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
17 <link url="mailto:security-alert@nginx.org">security-alert@nginx.org</link>. |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
18 </para> |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
19 |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
20 <para> |
458
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
21 Patches are signed using one of the |
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
22 <link doc="pgp_keys.xml">PGP public keys</link>. |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
23 </para> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
24 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
25 <security> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
26 |
2010
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
27 <item name="Integer overflow in the range filter" |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
28 severity="medium" |
2011
cf8d95bfcf72
Range filter advisory link added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2010
diff
changeset
|
29 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" |
2010
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
30 cve="2017-7529" |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
31 good="1.13.3+, 1.12.1+" |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
32 vulnerable="0.5.6-1.13.2"> |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
33 <patch name="patch.2017.ranges.txt" /> |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
34 </item> |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
35 |
1715
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
36 <item name="NULL pointer dereference while writing client request body" |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
37 severity="medium" |
1716
ecea2f0d22b6
Write request body advisory link updated.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1715
diff
changeset
|
38 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" |
1715
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
39 cve="2016-4450" |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
40 good="1.11.1+, 1.10.1+" |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
41 vulnerable="1.3.9-1.11.0"> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
42 <patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" /> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
43 <patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" /> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
44 </item> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
45 |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
46 <item name="Invalid pointer dereference in resolver" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
47 severity="medium" |
1647 | 48 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
49 cve="2016-0742" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
50 good="1.9.10+, 1.8.1+" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
51 vulnerable="0.6.18-1.9.9" /> |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
52 |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
53 <item name="Use-after-free during CNAME response processing in resolver" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
54 severity="medium" |
1647 | 55 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
56 cve="2016-0746" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
57 good="1.9.10+, 1.8.1+" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
58 vulnerable="0.6.18-1.9.9" /> |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
59 |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
60 <item name="Insufficient limits of CNAME resolution in resolver" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
61 severity="medium" |
1647 | 62 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
63 cve="2016-0747" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
64 good="1.9.10+, 1.8.1+" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
65 vulnerable="0.6.18-1.9.9" /> |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
66 |
1292
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
67 <item name="SSL session reuse vulnerability" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
68 severity="medium" |
1647 | 69 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" |
1292
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
70 cve="2014-3616" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
71 good="1.7.5+, 1.6.2+" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
72 vulnerable="0.5.6-1.7.4"> |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
73 </item> |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
74 |
1264
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
75 <item name="STARTTLS command injection" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
76 severity="medium" |
1265
ba6da8f0ecd2
Added STARTTLS advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1264
diff
changeset
|
77 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" |
1264
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
78 cve="2014-3556" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
79 good="1.7.4+, 1.6.1+" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
80 vulnerable="1.5.6-1.7.3"> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
81 <patch name="patch.2014.starttls.txt" /> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
82 </item> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
83 |
1098
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
84 <item name="SPDY heap buffer overflow" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
85 severity="major" |
1100
287c2a9c9d63
Added spdy2 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1098
diff
changeset
|
86 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" |
1098
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
87 cve="2014-0133" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
88 good="1.5.12+, 1.4.7+" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
89 vulnerable="1.3.15-1.5.11"> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
90 <patch name="patch.2014.spdy2.txt" /> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
91 </item> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
92 |
1092
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
93 <item name="SPDY memory corruption" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
94 severity="major" |
1094
1171d273df8f
Added SPDY advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1092
diff
changeset
|
95 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" |
1092
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
96 cve="2014-0088" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
97 good="1.5.11+" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
98 vulnerable="1.5.10"> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
99 <patch name="patch.2014.spdy.txt" /> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
100 </item> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
101 |
1012 | 102 <item name="Request line parsing vulnerability" |
103 severity="medium" | |
1013
48fe3c9534bd
Added link to request line parsing advisory.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1012
diff
changeset
|
104 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" |
1012 | 105 cve="2013-4547" |
106 good="1.5.7+, 1.4.4+" | |
1014 | 107 vulnerable="0.8.41-1.5.6"> |
1012 | 108 <patch name="patch.2013.space.txt" /> |
109 </item> | |
110 | |
906
ec5d7bb1d40c
Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
904
diff
changeset
|
111 <item name="Memory disclosure with specially crafted HTTP backend responses" |
904 | 112 severity="medium" |
906
ec5d7bb1d40c
Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
904
diff
changeset
|
113 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" |
904 | 114 cve="2013-2070" |
115 good="1.5.0+, 1.4.1+, 1.2.9+" | |
116 vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0"> | |
117 <patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" /> | |
118 <patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" /> | |
119 </item> | |
120 | |
899 | 121 <item name="Stack-based buffer overflow with specially crafted request" |
122 severity="major" | |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
123 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" |
899 | 124 cve="2013-2028" |
125 good="1.5.0+, 1.4.1+" | |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
126 vulnerable="1.3.9-1.4.0"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
127 <patch name="patch.2013.chunked.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
128 </item> |
899 | 129 |
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
130 <item name="Vulnerabilities with Windows directory aliases" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
131 severity="medium" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
132 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" |
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
133 cve="2011-4963" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
134 good="1.3.1+, 1.2.1+" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
135 vulnerable="nginx/Windows 0.7.52-1.3.0" /> |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
136 |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
137 <item name="Buffer overflow in the ngx_http_mp4_module" |
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
138 severity="major" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
139 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html" |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
140 cve="2012-2089" |
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
141 good="1.1.19+, 1.0.15+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
142 vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
143 <patch name="patch.2012.mp4.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
144 </item> |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
145 |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
146 <item name="Memory disclosure with specially crafted backend responses" |
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
147 severity="major" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
148 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html" |
472
7054e1c9c9c2
Added CVE ID to the latest security advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
458
diff
changeset
|
149 cve="2012-1180" |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
150 good="1.1.17+, 1.0.14+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
151 vulnerable="0.1.0-1.1.16"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
152 <patch name="patch.2012.memory.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
153 </item> |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
154 |
488
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
155 <item name="Buffer overflow in resolver" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
156 severity="medium" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
157 cve="2011-4315" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
158 good="1.1.8+, 1.0.10+" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
159 vulnerable="0.6.18-1.1.7" /> |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
160 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
161 <item name="Vulnerabilities with invalid UTF-8 sequence on Windows" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
162 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
163 cve="2010-2266" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
164 good="0.8.41+, 0.7.67+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
165 vulnerable="nginx/Windows 0.7.52-0.8.40" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
166 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
167 <item name="Vulnerabilities with Windows file default stream" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
168 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
169 cve="2010-2263" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
170 good="0.8.40+, 0.7.66+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
171 vulnerable="nginx/Windows 0.7.52-0.8.39" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
172 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
173 <item name="Vulnerabilities with Windows 8.3 filename pseudonyms" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
174 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
175 core="CORE-2010-0121" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
176 href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
177 good="0.8.33+, 0.7.65+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
178 vulnerable="nginx/Windows 0.7.52-0.8.32" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
179 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
180 <item name="An error log data are not sanitized" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
181 severity="none" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
182 cve="2009-4487" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
183 good="none" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
184 vulnerable="all" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
185 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
186 <item name="The renegotiation vulnerability in SSL protocol" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
187 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
188 cert="120541" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
189 cve="2009-3555" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
190 good="0.8.23+, 0.7.64+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
191 vulnerable="0.1.0-0.8.22"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
192 <patch name="patch.cve-2009-3555.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
193 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
194 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
195 <item name="Directory traversal vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
196 severity="minor" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
197 cve="2009-3898" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
198 good="0.8.17+, 0.7.63+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
199 vulnerable="0.1.0-0.8.16" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
200 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
201 <item name="Buffer underflow vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
202 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
203 cert="180065" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
204 cve="2009-2629" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
205 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
206 vulnerable="0.1.0-0.8.14"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
207 <patch name="patch.180065.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
208 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
209 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
210 <item name="Null pointer dereference vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
211 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
212 cve="2009-3896" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
213 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
214 vulnerable="0.1.0-0.8.13"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
215 <patch name="patch.null.pointer.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
216 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
217 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
218 </security> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
219 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
220 </section> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
221 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
222 </article> |