Vulnerabilities > F5 > Nginx > 1.2.4

DATE CVE VULNERABILITY TITLE RISK
2014-12-08 CVE-2014-3616 Insufficient Session Expiration vulnerability in multiple products
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
network
f5 debian CWE-613
4.3
4.3
2013-11-23 CVE-2013-4547 Improper Encoding or Escaping of Output vulnerability in multiple products
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
network
low complexity
f5 suse opensuse CWE-116
7.5
7.5
2013-10-27 CVE-2013-0337 Permissions, Privileges, and Access Controls vulnerability in F5 Nginx
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
network
low complexity
f5 CWE-264
7.5
7.5
2013-07-20 CVE-2013-2070 http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
network
f5 debian
5.8
5.8