Mercurial > hg > nginx-site

annotate xml/en/security_advisories.xml @ 3072:7f493ec56c12

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Renamed news page.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 09 Apr 2024 18:14:16 +0300
parents 2709ce3b9cd7
children 4bad11519815
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
580
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
1 <!--
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
2 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
3 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
4 -->
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
5
50
9d544687d02c Fixed DOCTYPE declaration.
Ruslan Ermilov <ru@nginx.com>
parents: 0
diff changeset
6 <!DOCTYPE article SYSTEM "../../dtd/article.dtd">
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
8 <article name="nginx security advisories"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9 link="/en/security_advisories.html"
589
764fbac1b8b4 Added document revision.
Ruslan Ermilov <ru@nginx.com>
parents: 580
diff changeset
10 lang="en"
3058
2709ce3b9cd7 Free nginx: updated security-alert@ domain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2923
diff changeset
11 rev="2">
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
12
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13 <section>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15 <para>
457
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
16 All nginx security issues should be reported to
3058
2709ce3b9cd7 Free nginx: updated security-alert@ domain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2923
diff changeset
17 <link url="mailto:security-alert@freenginx.org">
2709ce3b9cd7 Free nginx: updated security-alert@ domain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2923
diff changeset
18 security-alert@freenginx.org</link>.
457
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
19 </para>
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
20
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
21 <para>
458
cdf45fe0d9de Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents: 457
diff changeset
22 Patches are signed using one of the
cdf45fe0d9de Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents: 457
diff changeset
23 <link doc="pgp_keys.xml">PGP public keys</link>.
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
24 </para>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26 <security>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27
2898
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
28 <item name="Memory corruption in the ngx_http_mp4_module"
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
29 severity="medium"
2923
ef7f2666cc09 Updated advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2899
diff changeset
30 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"
2898
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
31 cve="2022-41741"
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
32 good="1.23.2+, 1.22.1+"
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
33 vulnerable="1.1.3-1.23.1, 1.0.7-1.0.15">
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
34 <patch name="patch.2022.mp4.txt" />
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
35 </item>
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
36
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
37 <item name="Memory disclosure in the ngx_http_mp4_module"
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
38 severity="medium"
2923
ef7f2666cc09 Updated advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2899
diff changeset
39 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"
2898
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
40 cve="2022-41742"
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
41 good="1.23.2+, 1.22.1+"
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
42 vulnerable="1.1.3-1.23.1, 1.0.7-1.0.15">
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
43 <patch name="patch.2022.mp4.txt" />
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
44 </item>
0b7e004b5061 nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2727
diff changeset
45
2726
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
46 <item name="1-byte memory overwrite in resolver"
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
47 severity="medium"
2727
0456ea786ef6 Advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2726
diff changeset
48 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
2726
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
49 cve="2021-23017"
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
50 good="1.21.0+, 1.20.1+"
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
51 vulnerable="0.6.18-1.20.0">
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
52 <patch name="patch.2021.resolver.txt" />
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
53 </item>
a7a36efd10af nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2417
diff changeset
54
2416
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
55 <item name="Excessive CPU usage in HTTP/2 with small window updates"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
56 severity="medium"
2417
e35ed485070d Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2416
diff changeset
57 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
2416
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
58 cve="2019-9511"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
59 good="1.17.3+, 1.16.1+"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
60 vulnerable="1.9.5-1.17.2">
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
61 </item>
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
62
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
63 <item name="Excessive CPU usage in HTTP/2 with priority changes"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
64 severity="low"
2417
e35ed485070d Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2416
diff changeset
65 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
2416
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
66 cve="2019-9513"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
67 good="1.17.3+, 1.16.1+"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
68 vulnerable="1.9.5-1.17.2">
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
69 </item>
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
70
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
71 <item name="Excessive memory usage in HTTP/2 with zero length headers"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
72 severity="low"
2417
e35ed485070d Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2416
diff changeset
73 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
2416
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
74 cve="2019-9516"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
75 good="1.17.3+, 1.16.1+"
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
76 vulnerable="1.9.5-1.17.2">
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
77 </item>
eecb26e2c4ab nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2273
diff changeset
78
2272
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
79 <item name="Excessive memory usage in HTTP/2"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
80 severity="low"
2273
626533759806 Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2272
diff changeset
81 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
2272
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
82 cve="2018-16843"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
83 good="1.15.6+, 1.14.1+"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
84 vulnerable="1.9.5-1.15.5">
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
85 </item>
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
86
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
87 <item name="Excessive CPU usage in HTTP/2"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
88 severity="low"
2273
626533759806 Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2272
diff changeset
89 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
2272
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
90 cve="2018-16844"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
91 good="1.15.6+, 1.14.1+"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
92 vulnerable="1.9.5-1.15.5">
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
93 </item>
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
94
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
95 <item name="Memory disclosure in the ngx_http_mp4_module"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
96 severity="medium"
2273
626533759806 Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2272
diff changeset
97 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
2272
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
98 cve="2018-16845"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
99 good="1.15.6+, 1.14.1+"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
100 vulnerable="1.1.3-1.15.5, 1.0.7-1.0.15">
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
101 <patch name="patch.2018.mp4.txt" />
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
102 </item>
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
103
2010
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
104 <item name="Integer overflow in the range filter"
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
105 severity="medium"
2011
cf8d95bfcf72 Range filter advisory link added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2010
diff changeset
106 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
2010
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
107 cve="2017-7529"
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
108 good="1.13.3+, 1.12.1+"
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
109 vulnerable="0.5.6-1.13.2">
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
110 <patch name="patch.2017.ranges.txt" />
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
111 </item>
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
112
1715
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
113 <item name="NULL pointer dereference while writing client request body"
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
114 severity="medium"
1716
ecea2f0d22b6 Write request body advisory link updated.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1715
diff changeset
115 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
1715
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
116 cve="2016-4450"
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
117 good="1.11.1+, 1.10.1+"
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
118 vulnerable="1.3.9-1.11.0">
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
119 <patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" />
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
120 <patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" />
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
121 </item>
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
122
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
123 <item name="Invalid pointer dereference in resolver"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
124 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
125 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
126 cve="2016-0742"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
127 good="1.9.10+, 1.8.1+"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
128 vulnerable="0.6.18-1.9.9" />
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
129
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
130 <item name="Use-after-free during CNAME response processing in resolver"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
131 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
132 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
133 cve="2016-0746"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
134 good="1.9.10+, 1.8.1+"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
135 vulnerable="0.6.18-1.9.9" />
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
136
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
137 <item name="Insufficient limits of CNAME resolution in resolver"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
138 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
139 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
140 cve="2016-0747"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
141 good="1.9.10+, 1.8.1+"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
142 vulnerable="0.6.18-1.9.9" />
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
143
1292
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
144 <item name="SSL session reuse vulnerability"
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
145 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
146 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
1292
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
147 cve="2014-3616"
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
148 good="1.7.5+, 1.6.2+"
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
149 vulnerable="0.5.6-1.7.4">
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
150 </item>
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
151
1264
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
152 <item name="STARTTLS command injection"
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
153 severity="medium"
1265
ba6da8f0ecd2 Added STARTTLS advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1264
diff changeset
154 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
1264
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
155 cve="2014-3556"
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
156 good="1.7.4+, 1.6.1+"
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
157 vulnerable="1.5.6-1.7.3">
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
158 <patch name="patch.2014.starttls.txt" />
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
159 </item>
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
160
1098
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
161 <item name="SPDY heap buffer overflow"
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
162 severity="major"
1100
287c2a9c9d63 Added spdy2 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1098
diff changeset
163 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
1098
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
164 cve="2014-0133"
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
165 good="1.5.12+, 1.4.7+"
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
166 vulnerable="1.3.15-1.5.11">
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
167 <patch name="patch.2014.spdy2.txt" />
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
168 </item>
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
169
1092
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
170 <item name="SPDY memory corruption"
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
171 severity="major"
1094
1171d273df8f Added SPDY advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1092
diff changeset
172 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
1092
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
173 cve="2014-0088"
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
174 good="1.5.11+"
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
175 vulnerable="1.5.10">
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
176 <patch name="patch.2014.spdy.txt" />
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
177 </item>
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
178
1012
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
179 <item name="Request line parsing vulnerability"
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
180 severity="medium"
1013
48fe3c9534bd Added link to request line parsing advisory.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1012
diff changeset
181 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
1012
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
182 cve="2013-4547"
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
183 good="1.5.7+, 1.4.4+"
1014
7ec9a1afbadc Typo fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1013
diff changeset
184 vulnerable="0.8.41-1.5.6">
1012
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
185 <patch name="patch.2013.space.txt" />
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
186 </item>
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
187
906
ec5d7bb1d40c Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 904
diff changeset
188 <item name="Memory disclosure with specially crafted HTTP backend responses"
904
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
189 severity="medium"
906
ec5d7bb1d40c Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 904
diff changeset
190 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"
904
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
191 cve="2013-2070"
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
192 good="1.5.0+, 1.4.1+, 1.2.9+"
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
193 vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0">
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
194 <patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" />
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
195 <patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" />
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
196 </item>
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
197
899
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
198 <item name="Stack-based buffer overflow with specially crafted request"
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
199 severity="major"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
200 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
899
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
201 cve="2013-2028"
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
202 good="1.5.0+, 1.4.1+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
203 vulnerable="1.3.9-1.4.0">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
204 <patch name="patch.2013.chunked.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
205 </item>
899
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
206
525
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
207 <item name="Vulnerabilities with Windows directory aliases"
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
208 severity="medium"
909
ef5485fb932d 2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents: 906
diff changeset
209 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html"
525
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
210 cve="2011-4963"
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
211 good="1.3.1+, 1.2.1+"
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
212 vulnerable="nginx/Windows 0.7.52-1.3.0" />
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
213
487
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
214 <item name="Buffer overflow in the ngx_http_mp4_module"
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
215 severity="major"
909
ef5485fb932d 2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents: 906
diff changeset
216 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html"
487
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
217 cve="2012-2089"
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
218 good="1.1.19+, 1.0.15+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
219 vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
220 <patch name="patch.2012.mp4.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
221 </item>
487
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
222
445
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
223 <item name="Memory disclosure with specially crafted backend responses"
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
224 severity="major"
909
ef5485fb932d 2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents: 906
diff changeset
225 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html"
472
7054e1c9c9c2 Added CVE ID to the latest security advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 458
diff changeset
226 cve="2012-1180"
445
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
227 good="1.1.17+, 1.0.14+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
228 vulnerable="0.1.0-1.1.16">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
229 <patch name="patch.2012.memory.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
230 </item>
445
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
231
488
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
232 <item name="Buffer overflow in resolver"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
233 severity="medium"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
234 cve="2011-4315"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
235 good="1.1.8+, 1.0.10+"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
236 vulnerable="0.6.18-1.1.7" />
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
237
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
238 <item name="Vulnerabilities with invalid UTF-8 sequence on Windows"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
239 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
240 cve="2010-2266"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
241 good="0.8.41+, 0.7.67+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
242 vulnerable="nginx/Windows 0.7.52-0.8.40" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
243
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
244 <item name="Vulnerabilities with Windows file default stream"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
245 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
246 cve="2010-2263"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
247 good="0.8.40+, 0.7.66+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
248 vulnerable="nginx/Windows 0.7.52-0.8.39" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
249
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
250 <item name="Vulnerabilities with Windows 8.3 filename pseudonyms"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
251 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
252 core="CORE-2010-0121"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
253 href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
254 good="0.8.33+, 0.7.65+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
255 vulnerable="nginx/Windows 0.7.52-0.8.32" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
256
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
257 <item name="An error log data are not sanitized"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
258 severity="none"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
259 cve="2009-4487"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
260 good="none"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
261 vulnerable="all" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
262
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
263 <item name="The renegotiation vulnerability in SSL protocol"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
264 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
265 cert="120541"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
266 cve="2009-3555"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
267 good="0.8.23+, 0.7.64+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
268 vulnerable="0.1.0-0.8.22">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
269 <patch name="patch.cve-2009-3555.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
270 </item>
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
271
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
272 <item name="Directory traversal vulnerability"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
273 severity="minor"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
274 cve="2009-3898"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
275 good="0.8.17+, 0.7.63+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
276 vulnerable="0.1.0-0.8.16" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
277
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
278 <item name="Buffer underflow vulnerability"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
279 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
280 cert="180065"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
281 cve="2009-2629"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
282 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
283 vulnerable="0.1.0-0.8.14">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
284 <patch name="patch.180065.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
285 </item>
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
286
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
287 <item name="Null pointer dereference vulnerability"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
288 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
289 cve="2009-3896"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
290 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
291 vulnerable="0.1.0-0.8.13">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
292 <patch name="patch.null.pointer.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
293 </item>
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
294
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
295 </security>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
296
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
297 </section>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
298
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
299 </article>