Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16845

Опубликовано: 07 нояб. 2018
Источник: nvd
CVSS3: 8.2
CVSS3: 6.1
CVSS2: 5.8
EPSS Низкий

Описание

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
Версия от 1.0.7 (включая) до 1.0.15 (включая)
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
Версия от 1.1.3 (включая) до 1.15.5 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
Версия до 13.0 (исключая)

EPSS

Процентиль: 89%
0.04539
Низкий

8.2 High

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-400
CWE-835

Связанные уязвимости

ubuntu логотип

CVE-2018-16845

CVSS3: 6.1
ubuntu
больше 6 лет назад

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

redhat логотип

CVE-2018-16845

CVSS3: 8.2
redhat
больше 6 лет назад

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

debian логотип

CVE-2018-16845

CVSS3: 6.1
debian
больше 6 лет назад

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_ht ...

github логотип

GHSA-vq5f-vpgw-9vcp

CVSS3: 6.1
github
около 3 лет назад

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

fstec логотип

BDU:2019-00984

CVSS3: 5.4
fstec
больше 6 лет назад

Уязвимость модуля ngx_http_mp4_module сервера nginx, позволяющая нарушителю вызвать отказ в обслуживании или раскрыть защищаемую информацию

EPSS

Процентиль: 89%
0.04539
Низкий

8.2 High

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-400
CWE-835