Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
696
VMScore

CVE-2018-16843

Published: 07/11/2018 Updated: 22/02/2022
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 696
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Nginx

Vulnerability Summary

nginx prior to 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

f5 nginx

debian debian linux 9.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

opensuse leap 15.1

apple xcode

Vendor Advisories

Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
Debian Bug report logs - #913090 nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 Package: src:nginx; Maintainer for src:nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 6 Nov 2018 20:27:01 UTC Severity: grave Tags: ...
Ubuntu Security Notice: nginx vulnerabilities
Several security issues were fixed in nginx ...
Red Hat: Important: rh-nginx114-nginx security update
Synopsis Important: rh-nginx114-nginx security update Type/Severity Security Advisory: Important Topic An update for rh-nginx114-nginx is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: rh-nginx112-nginx security update
Synopsis Important: rh-nginx112-nginx security update Type/Severity Security Advisory: Important Topic An update for rh-nginx112-nginx is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: rh-nginx110-nginx security update
Synopsis Important: rh-nginx110-nginx security update Type/Severity Security Advisory: Important Topic An update for rh-nginx110-nginx is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Amazon Linux AMI: ALAS-2018-1125
nginx before versions 1156 and 1141 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file (CVE-2018-16843) nginx before versions 1 ...
Red Hat: CVE-2018-16843
nginx before versions 1156 and 1141 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file ...

Github Repositories

https://github.com/anitazhaochen/anitazhaochen.github.io

blog

title tags category date 本博客更新日志 Nginx Blog Blog 2018-01-10 2020-522 更新 我住的地方nas就在我旁边,一个单间。晚上有点吵,又想晚上反正也不用,挂了四块硬盘的nas,http 服务也挂在上面,基本是不会休眠的。 又想了下电费,觉得入手一个树莓派势

https://github.com/Dekkert/dz6_soft_distribution

Управление пакетами Дистрибьюция софта Задание: Собрать собственный rpm пакет и разместить его в собственном репозитории Выполнение: Собираем nginx 1233 c поддержкой tls v13 (openssl-111q - 2022-Oct-12)

https://github.com/nargamard/OTUS-Task6

Домашнее задание Размещаем свой RPM в своем репозитории создать свой RPM; создать свой репо и разместить там свой RPM; реализовать это все либо в вагранте Решение Создан Vagrantfile с описанием машины с 8Гб RAM и 4 ядр

https://github.com/ConstantaNF/RPM

Размещаем свой RPM в своем репозитории Описание домашннего задания Создать свой RPM пакет (можно взять свое приложение, либо собрать, например, апач с определенными опциями) Создать свой репозиторий и размести

https://github.com/adastraaero/OTUS_LinuxProf

Выполнение домашних работ по курсу OTUS - Administrator LinuxProfessional Lesson1 Задача: 1) Обновить ядро ОС из репозитория ELRepo 2) Создать Vagrant box c помощью Packer 3) Загрузить Vagrant box в Vagrant Cloud Создаем ВМ используя и запуская Vagrantfile: # О

References

CWE-400https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.htmlhttps://usn.ubuntu.com/3812-1/http://www.securitytracker.com/id/1042038https://www.debian.org/security/2018/dsa-4335http://www.securityfocus.com/bid/105868https://access.redhat.com/errata/RHSA-2018:3653https://access.redhat.com/errata/RHSA-2018:3681https://access.redhat.com/errata/RHSA-2018:3680http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.htmlhttps://support.apple.com/kb/HT212818http://seclists.org/fulldisclosure/2021/Sep/36https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090https://usn.ubuntu.com/3812-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook