Vulnerabilities > F5 > Nginx > 0.7.42
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-27 | CVE-2013-0337 | Permissions, Privileges, and Access Controls vulnerability in F5 Nginx The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. | 7.5 |
2012-04-17 | CVE-2012-1180 | Use After Free vulnerability in multiple products Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | 5.0 |
2011-12-08 | CVE-2011-4315 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | 6.8 |
2010-12-06 | CVE-2010-4180 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | 4.3 |
2009-11-24 | CVE-2009-3898 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. | 4.9 |
2009-11-24 | CVE-2009-3896 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | 5.0 |
2009-09-15 | CVE-2009-2629 | Out-of-bounds Write vulnerability in multiple products Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. | 7.5 |