Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2024-31079

Published: 29/05/2024 Updated: 10/06/2024

Vulnerability Summary

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.

Mailing Lists

Full Disclosure: nginx HTTP/3 security issues/fixes
Hi, This was on the nginx-announce list yesterday: mailmannginxorg/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6html --- [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200) Sergey Kandaurov pluknet at nginxcom Wed May 29 15:12:07 UTC 2024 Hello! Four security is ...

References

https://my.f5.com/manage/s/article/K000139611https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/http://www.openwall.com/lists/oss-security/2024/05/30/4https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q2/266
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4541CVE-2024-3080CVE-2024-4787log injectionCVE-2024-5967injectCVE-2024-30078CVE-2024-5899
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook