Описание
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Отчет
This issue did not affect the versions of rh-nginx18-nginx as shipped with Red Hat Software Collections as they did not include the vulnerable module ngx_http_v2_module.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | nginx | Not affected | ||
| Red Hat 3scale API Management Platform 2 | openresty | Not affected | ||
| Red Hat Ansible Tower 3 | nginx | Not affected | ||
| Red Hat Enterprise Linux 8 | nginx | Not affected | ||
| Red Hat Software Collections | rh-nginx18-nginx | Not affected | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nginx110-nginx | Fixed | RHSA-2018:3653 | 26.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx110-nginx | Fixed | RHSA-2018:3653 | 26.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx112-nginx | Fixed | RHSA-2018:3680 | 27.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx114-nginx | Fixed | RHSA-2018:3681 | 27.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | rh-nginx110-nginx | Fixed | RHSA-2018:3653 | 26.11.2018 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Уязвимость реализации протокола HTTP/2 сервера nginx, позволяющая нарушителю вызвать отказ в обслуживании
5.3 Medium
CVSS3