CVE-2016-4450

Published: 31 May 2016
Source: redhat
CVSS2: 4.3

Description

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Software Collections | nginx16-nginx | Will not fix | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1341462 nginx: NULL pointer dereference while writing client request body

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 9 years ago

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

CVSS3: 7.5
nvd
more than 9 years ago

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

CVSS3: 7.5
debian
more than 9 years ago

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 al ...

CVSS3: 7.5
github
more than 3 years ago

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

CVSS3: 7.5
fstec
more than 9 years ago

Vulnerability in the os/unix/ngx_files.c component of the NGINX application monitoring and management platform that allows an attacker to cause a denial of service