nginx Multiple Denial of Service Vulnerabilities
BID:105868
CVE-2018-16843 | CVE-2018-16844 | CVE-2018-16845
| Bugtraq ID: | 105868 |
| Class: | Design Error |
| CVE: | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2018 12:00AM |
| Updated: | Nov 06 2018 12:00AM |
| Credit: | Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx) |
| Vulnerable: | Ubuntu Ubuntu Linux 18.10, Ubuntu Ubuntu Linux 18.04 LTS, Ubuntu Ubuntu Linux 16.04 LTS, Ubuntu Ubuntu Linux 14.04 LTS, Redhat Software Collections for RHEL 0, Nginx Nginx 1.15.5, Nginx Nginx 1.14, Nginx Nginx 1.13.3, Nginx Nginx 1.12.1, Nginx Nginx 1.12, Nginx Nginx 1.11.12, Nginx Nginx 1.11.1, Nginx Nginx 1.11, Nginx Nginx 1.10.3, Nginx Nginx 1.10.1, Nginx Nginx 1.10, Nginx Nginx 1.9.15, Nginx Nginx 1.9.10, Nginx Nginx 1.9.9, Nginx Nginx 1.9.5, Nginx Nginx 1.9, Nginx Nginx 1.8.1, Nginx Nginx 1.8, Nginx Nginx 1.7.12, Nginx Nginx 1.7, Nginx Nginx 1.6.3, Nginx Nginx 1.5.13, Nginx Nginx 1.4.7, Nginx Nginx 1.3.16, Nginx Nginx 1.3.15, Nginx Nginx 1.3.14, Nginx Nginx 1.3.11, Nginx Nginx 1.2.9, Nginx Nginx 1.1.18, Nginx Nginx 1.1.17, Nginx Nginx 1.6.1, Nginx Nginx 1.6.0, Nginx Nginx 1.5.9, Nginx Nginx 1.5.8, Nginx Nginx 1.5.7, Nginx Nginx 1.5.6, Nginx Nginx 1.5.5, Nginx Nginx 1.5.4, Nginx Nginx 1.5.3, Nginx Nginx 1.5.2, Nginx Nginx 1.5.12, Nginx Nginx 1.5.11, Nginx Nginx 1.5.10, Nginx Nginx 1.5.1, Nginx Nginx 1.5.0, Nginx Nginx 1.4.3, Nginx Nginx 1.4.2, Nginx Nginx 1.4.1, Nginx Nginx 1.4.0, Nginx Nginx 1.3.9, Nginx Nginx 1.3.8, Nginx Nginx 1.3.7, Nginx Nginx 1.3.6, Nginx Nginx 1.3.5, Nginx Nginx 1.3.4, Nginx Nginx 1.3.3, Nginx Nginx 1.3.2, Nginx Nginx 1.3.13, Nginx Nginx 1.3.12, Nginx Nginx 1.3.10, Nginx Nginx 1.3.1, Nginx Nginx 1.3.0, Nginx Nginx 1.2.0, Nginx Nginx 1.1.9, Nginx Nginx 1.1.8, Nginx Nginx 1.1.7, Nginx Nginx 1.1.6, Nginx Nginx 1.1.5, Nginx Nginx 1.1.4, Nginx Nginx 1.1.3, Nginx Nginx 1.1.2, Nginx Nginx 1.1.19, Nginx Nginx 1.1.16, Nginx Nginx 1.1.15, Nginx Nginx 1.1.14, Nginx Nginx 1.1.13, Nginx Nginx 1.1.12, Nginx Nginx 1.1.11, Nginx Nginx 1.1.10, Nginx Nginx 1.1.1, Nginx Nginx 1.1.0, Nginx Nginx 1.0.9, Nginx Nginx 1.0.8, Nginx Nginx 1.0.7, Nginx Nginx 1.0.15, Nginx Nginx 1.0.14, Nginx Nginx 1.0.13, Nginx Nginx 1.0.12, Nginx Nginx 1.0.10 |
| Not Vulnerable: | Nginx Nginx 1.15.6, Nginx Nginx 1.14.1 |
Discussion
nginx is prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions.
Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- nginx Homepage (Igor Sysoev)
- [nginx-announce] nginx security advisory (CVE-2018-16843,CVE-2018-16844) (Nginx)
- [nginx-announce] nginx security advisory (CVE-2018-16845) (Nginx)
- Bug 1644508 CVE-2018-16845 nginx: Denial of service and memory disclosure (Redhat)
- Bug 1644510 CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2 impleme (Redhat)
- Bug 1644511 CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP (Redhat)
- CVE-2018-16843 (Redhat)
- CVE-2018-16844 (Redhat)
- CVE-2018-16845 (Redhat)
- USN-3812-1: nginx vulnerabilities (Ubuntu)