Nginx multiple security issues fixed
============================================================
           Product: Nginx
               URL: http://nginx.org
        CVE Number: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
            Impact: Low / Medium
              Date: 2018-11-10
============================================================

Product Description:
-------------------

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 25.28% of the busiest sites in October 2018.

Vulnerability Description:
-------------------------

Two security issues were identified in the nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845).

Reference(s):
------------

http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
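Added example, not part of the original post or of the nginx announcements: a small exposure check for the two components named above. It relies on the `http2` parameter of the `listen` directive being what enables HTTP/2 and the `mp4` directive being what enables ngx_http_mp4_module; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration for the demo (not from the advisory).
SAMPLE_CONF = """
http {
    server {
        listen 443 ssl http2;   # HTTP/2 enabled on this socket
        # listen 8443 http2;    commented out, must be ignored
        location /video/ {
            mp4;
            mp4_buffer_size 1m;
        }
    }
    server {
        listen 80;
        location / { return 200 "mp4; http2"; }
    }
}
"""

# Quoted strings, comments, structural characters, newlines, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|#[^\n]*|[{};]|\n|[^\s{};#"\']+')

def directives(text):
    """Yield (line_no, words) per directive; comments and quoted text never count as directives."""
    words, line, start = [], 1, 1
    for match in TOKEN.finditer(text):
        tok = match.group()
        if tok in ("{", "}", ";"):
            if words:
                yield start, words
            words = []
        elif tok != "\n" and not tok.startswith("#"):
            if not words:
                start = line
            words.append(tok)
        line += tok.count("\n")

def exposure(text):
    """Return the config lines that enable the code paths named in the advisory."""
    hits = {"http2": [], "mp4": []}
    for line_no, words in directives(text):
        if words[0] == "listen" and "http2" in words[1:]:
            hits["http2"].append(line_no)  # CVE-2018-16843, CVE-2018-16844
        elif words == ["mp4"]:
            hits["mp4"].append(line_no)    # CVE-2018-16845
    return hits

if __name__ == "__main__":
    print(exposure(SAMPLE_CONF))
```

The scanner does not follow `include` directives, so run it over the full configuration as dumped by `nginx -T` rather than over a single file.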