|
|
Subscribe / Log in / New account

nginx: denial of service

Package(s):nginx CVE #(s):CVE-2016-4450
Created:June 2, 2016 Updated:February 2, 2017
Description: From the Arch Linux advisory:

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body.

A remote attacker is able to use a specially crafted request to crash the worker resulting in denial of service.

Alerts:
openSUSE openSUSE-SU-2017:0361-1 nginx 2017-02-02
openSUSE openSUSE-SU-2017:0362-1 nginx 2017-02-02
Red Hat RHSA-2016:1425-01 rh-nginx18-nginx 2016-07-14
Gentoo 201606-06 nginx 2016-06-17
Fedora FEDORA-2016-ea323bd6cf nginx 2016-06-07
Ubuntu USN-2991-1 nginx 2016-06-02
Mageia MGASA-2016-0216 nginx 2016-06-02
Debian DSA-3592-1 nginx 2016-06-01
Arch Linux ASA-201606-2 nginx-mainline 2016-06-01
Arch Linux ASA-201606-1 nginx 2016-06-01
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds