Описание
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
Ссылки
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Issue TrackingPatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Issue TrackingPatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00391
Низкий
4.8 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 4.8
ubuntu
около 6 лет назад
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
CVSS3: 4.8
debian
около 6 лет назад
nginx http proxy module does not verify peer identity of https origin ...
CVSS3: 4.8
github
почти 4 года назад
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
EPSS
Процентиль: 60%
0.00391
Низкий
4.8 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-20