Mercurial > hg > nginx-site
annotate xml/en/security_advisories.xml @ 1589:be92e50c52ac
Documented the "nohostname" syslog option.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 29 Oct 2015 16:19:42 +0300 |
parents | bb18e3bd3fb9 |
children | d4b29af80036 |
rev | line source |
---|---|
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
1 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
2 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
3 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
4 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
5 |
50 | 6 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
8 <article name="nginx security advisories" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 link="/en/security_advisories.html" |
589 | 10 lang="en" |
11 rev="1"> | |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
12 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
13 <section> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <para> |
457
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
16 All nginx security issues should be reported to |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
17 <link url="mailto:security-alert@nginx.org">security-alert@nginx.org</link>. |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
18 </para> |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
19 |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
20 <para> |
458
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
21 Patches are signed using one of the |
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
22 <link doc="pgp_keys.xml">PGP public keys</link>. |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
23 </para> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
24 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
25 <security> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
26 |
1292
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
27 <item name="SSL session reuse vulnerability" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
28 severity="medium" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
29 cve="2014-3616" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
30 good="1.7.5+, 1.6.2+" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
31 vulnerable="0.5.6-1.7.4"> |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
32 </item> |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
33 |
1264
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
34 <item name="STARTTLS command injection" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
35 severity="medium" |
1265
ba6da8f0ecd2
Added STARTTLS advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1264
diff
changeset
|
36 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" |
1264
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
37 cve="2014-3556" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
38 good="1.7.4+, 1.6.1+" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
39 vulnerable="1.5.6-1.7.3"> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
40 <patch name="patch.2014.starttls.txt" /> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
41 </item> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
42 |
1098
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
43 <item name="SPDY heap buffer overflow" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
44 severity="major" |
1100
287c2a9c9d63
Added spdy2 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1098
diff
changeset
|
45 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" |
1098
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
46 cve="2014-0133" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
47 good="1.5.12+, 1.4.7+" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
48 vulnerable="1.3.15-1.5.11"> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
49 <patch name="patch.2014.spdy2.txt" /> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
50 </item> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
51 |
1092
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
52 <item name="SPDY memory corruption" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
53 severity="major" |
1094
1171d273df8f
Added SPDY advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1092
diff
changeset
|
54 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" |
1092
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
55 cve="2014-0088" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
56 good="1.5.11+" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
57 vulnerable="1.5.10"> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
58 <patch name="patch.2014.spdy.txt" /> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
59 </item> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
60 |
1012 | 61 <item name="Request line parsing vulnerability" |
62 severity="medium" | |
1013
48fe3c9534bd
Added link to request line parsing advisory.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1012
diff
changeset
|
63 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" |
1012 | 64 cve="2013-4547" |
65 good="1.5.7+, 1.4.4+" | |
1014 | 66 vulnerable="0.8.41-1.5.6"> |
1012 | 67 <patch name="patch.2013.space.txt" /> |
68 </item> | |
69 | |
906
ec5d7bb1d40c
Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
904
diff
changeset
|
70 <item name="Memory disclosure with specially crafted HTTP backend responses" |
904 | 71 severity="medium" |
906
ec5d7bb1d40c
Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
904
diff
changeset
|
72 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" |
904 | 73 cve="2013-2070" |
74 good="1.5.0+, 1.4.1+, 1.2.9+" | |
75 vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0"> | |
76 <patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" /> | |
77 <patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" /> | |
78 </item> | |
79 | |
899 | 80 <item name="Stack-based buffer overflow with specially crafted request" |
81 severity="major" | |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
82 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" |
899 | 83 cve="2013-2028" |
84 good="1.5.0+, 1.4.1+" | |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
85 vulnerable="1.3.9-1.4.0"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
86 <patch name="patch.2013.chunked.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
87 </item> |
899 | 88 |
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
89 <item name="Vulnerabilities with Windows directory aliases" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
90 severity="medium" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
91 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" |
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
92 cve="2011-4963" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
93 good="1.3.1+, 1.2.1+" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
94 vulnerable="nginx/Windows 0.7.52-1.3.0" /> |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
95 |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
96 <item name="Buffer overflow in the ngx_http_mp4_module" |
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
97 severity="major" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
98 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html" |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
99 cve="2012-2089" |
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
100 good="1.1.19+, 1.0.15+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
101 vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
102 <patch name="patch.2012.mp4.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
103 </item> |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
104 |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
105 <item name="Memory disclosure with specially crafted backend responses" |
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
106 severity="major" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
107 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html" |
472
7054e1c9c9c2
Added CVE ID to the latest security advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
458
diff
changeset
|
108 cve="2012-1180" |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
109 good="1.1.17+, 1.0.14+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
110 vulnerable="0.1.0-1.1.16"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
111 <patch name="patch.2012.memory.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
112 </item> |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
113 |
488
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
114 <item name="Buffer overflow in resolver" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
115 severity="medium" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
116 cve="2011-4315" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
117 good="1.1.8+, 1.0.10+" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
118 vulnerable="0.6.18-1.1.7" /> |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
119 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
120 <item name="Vulnerabilities with invalid UTF-8 sequence on Windows" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
121 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
122 cve="2010-2266" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
123 good="0.8.41+, 0.7.67+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
124 vulnerable="nginx/Windows 0.7.52-0.8.40" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
125 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
126 <item name="Vulnerabilities with Windows file default stream" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
127 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
128 cve="2010-2263" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
129 good="0.8.40+, 0.7.66+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
130 vulnerable="nginx/Windows 0.7.52-0.8.39" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
131 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
132 <item name="Vulnerabilities with Windows 8.3 filename pseudonyms" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
133 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
134 core="CORE-2010-0121" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
135 href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
136 good="0.8.33+, 0.7.65+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
137 vulnerable="nginx/Windows 0.7.52-0.8.32" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
138 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
139 <item name="An error log data are not sanitized" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
140 severity="none" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
141 cve="2009-4487" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
142 good="none" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
143 vulnerable="all" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
144 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
145 <item name="The renegotiation vulnerability in SSL protocol" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
146 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
147 cert="120541" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
148 cve="2009-3555" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
149 good="0.8.23+, 0.7.64+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
150 vulnerable="0.1.0-0.8.22"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
151 <patch name="patch.cve-2009-3555.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
152 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
153 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
154 <item name="Directory traversal vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
155 severity="minor" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
156 cve="2009-3898" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
157 good="0.8.17+, 0.7.63+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
158 vulnerable="0.1.0-0.8.16" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
159 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
160 <item name="Buffer underflow vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
161 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
162 cert="180065" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
163 cve="2009-2629" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
164 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
165 vulnerable="0.1.0-0.8.14"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
166 <patch name="patch.180065.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
167 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
168 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
169 <item name="Null pointer dereference vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
170 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
171 cve="2009-3896" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
172 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
173 vulnerable="0.1.0-0.8.13"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
174 <patch name="patch.null.pointer.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
175 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
176 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
177 </security> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
178 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
179 </section> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
180 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
181 </article> |