Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

f5 nginx 1.3.0 vulnerabilities and exploits

(subscribe to this query)
445
VMScore
CVE-2011-4963
nginx/Windows 1.3.x prior to 1.3.1 and 1.2.x prior to 1.2.1 allows remote malicious users to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
F5 NginxF5 Nginx 1.3.0
294
VMScore
CVE-2022-27495
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Nginx Service Mesh 1.3.1F5 Nginx Service Mesh 1.3.0
668
VMScore
CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and previous versions, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
F5 NginxF5 Nginx 1.2.0F5 Nginx 1.1.9F5 Nginx 1.1.8F5 Nginx 1.1.7F5 Nginx 1.1.12F5 Nginx 1.1.11F5 Nginx 1.1.10F5 Nginx 1.1.1F5 Nginx 1.0.11F5 Nginx 1.0.10F5 Nginx 1.0.1F5 Nginx 1.0.0F5 Nginx 1.3.8F5 Nginx 1.3.7F5 Nginx 1.3.6F5 Nginx 1.3.5F5 Nginx 1.1.2F5 Nginx 1.1.19F5 Nginx 1.1.18F5 Nginx 1.1.17F5 Nginx 1.0.5
516
VMScore
CVE-2013-2070
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 up to and including 1.2.8 and 1.3.0 up to and including 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote malicious users to cause a denial of service (crash) and obtain sensitive information from worker ...
F5 NginxDebian Debian Linux 6.0Debian Debian Linux 7.0
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0Nghttp2 Nghttp2Netty NettyEnvoyproxy Envoy 1.27.0Envoyproxy Envoy 1.26.4Envoyproxy Envoy 1.25.9Envoyproxy Envoy 1.24.10Eclipse JettyCaddyserver CaddyGolang Http2Golang GoGolang NetworkingF5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook