Vulnerability-Lookup

CVE-2016-0747 (GCVE-0-2016-0747)

Vulnerability from cvelistv5 – Published: 2016-02-15 19:00 – Updated: 2024-08-05 22:30

Summary

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	https://bto.bluecoat.com/security-advisory/sa115	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201606-06	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id/1034869	vdb-entryx_refsource_SECTRACK
	http://mailman.nginx.org/pipermail/nginx/2016-Jan…	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2016:1425	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1302589	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3473	vendor-advisoryx_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2892-1	vendor-advisoryx_refsource_UBUNTU
	https://support.apple.com/kb/HT212818	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2021/Sep/36	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:0371",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa115"
          },
          {
            "name": "GLSA-201606-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-06"
          },
          {
            "name": "1034869",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034869"
          },
          {
            "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
          },
          {
            "name": "RHSA-2016:1425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1425"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
          },
          {
            "name": "DSA-3473",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3473"
          },
          {
            "name": "USN-2892-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2892-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212818"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T23:07:07.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:0371",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa115"
        },
        {
          "name": "GLSA-201606-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-06"
        },
        {
          "name": "1034869",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034869"
        },
        {
          "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
        },
        {
          "name": "RHSA-2016:1425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1425"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
        },
        {
          "name": "DSA-3473",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3473"
        },
        {
          "name": "USN-2892-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2892-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212818"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:0371",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa115",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa115"
            },
            {
              "name": "GLSA-201606-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-06"
            },
            {
              "name": "1034869",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034869"
            },
            {
              "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
              "refsource": "MLIST",
              "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
            },
            {
              "name": "RHSA-2016:1425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1425"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
            },
            {
              "name": "DSA-3473",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3473"
            },
            {
              "name": "USN-2892-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2892-1"
            },
            {
              "name": "https://support.apple.com/kb/HT212818",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212818"
            },
            {
              "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0747",
    "datePublished": "2016-02-15T19:00:00.000Z",
    "dateReserved": "2015-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:30:04.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-769V-GFHQ-G2W7

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-0747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-15T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.",
  "id": "GHSA-769v-gfhq-g2w7",
  "modified": "2022-05-13T01:04:26Z",
  "published": "2022-05-13T01:04:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1425"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa115"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201606-06"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212818"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3473"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034869"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2892-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-039

Vulnerability from certfr_avis - Published: 2016-01-28 - Updated: 2016-01-28

De multiples vulnérabilités ont été corrigées dans Nginx. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Nginx versions antérieures à 1.9.10 (une exception : 1.8.1)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Nginx 000169 du 26 janvier 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eNginx versions ant\u00e9rieures \u00e0 1.9.10 (une exception :  1.8.1)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
    },
    {
      "name": "CVE-2016-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
    },
    {
      "name": "CVE-2016-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
    }
  ],
  "initial_release_date": "2016-01-28T00:00:00",
  "last_revision_date": "2016-01-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eNginx\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni\nde service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Nginx",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Nginx 000169 du 26 janvier 2016",
      "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
    }
  ]
}

CERTFR-2024-AVI-0866

Vulnerability from certfr_avis - Published: 2024-10-10 - Updated: 2024-10-10

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions suivantes de Junos OS et Junos OS Evolved sont à paraître : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO
Juniper Networks	N/A	Junos Space 24.1R1 sans le correctif de sécurité Patch V1 et V2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA88112	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88121	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88104	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88107	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88105	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88134	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88123	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88128	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88106	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88136	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88110	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88122	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88124	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88111	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88108	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88100	2024-10-16	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88131	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88099	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88135	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88102	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88116	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88097	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88133	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88137	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88119	2024-10-15	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88103	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88138	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88129	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88115	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88120	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88132	2024-10-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space 24.1R1 sans le correctif de s\u00e9curit\u00e9 Patch V1 et V2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les versions suivantes de Junos OS et Junos OS Evolved sont \u00e0 para\u00eetre : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2016-1247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1247"
    },
    {
      "name": "CVE-2024-47501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47501"
    },
    {
      "name": "CVE-2024-47496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47496"
    },
    {
      "name": "CVE-2023-51385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
    },
    {
      "name": "CVE-2024-47493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47493"
    },
    {
      "name": "CVE-2024-39515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39515"
    },
    {
      "name": "CVE-2021-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3618"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2023-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-39525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39525"
    },
    {
      "name": "CVE-2024-47498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47498"
    },
    {
      "name": "CVE-2016-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2017-20005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-20005"
    },
    {
      "name": "CVE-2024-39544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39544"
    },
    {
      "name": "CVE-2016-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4450"
    },
    {
      "name": "CVE-2023-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
    },
    {
      "name": "CVE-2024-47489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47489"
    },
    {
      "name": "CVE-2022-41741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
    },
    {
      "name": "CVE-2024-47494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47494"
    },
    {
      "name": "CVE-2024-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39534"
    },
    {
      "name": "CVE-2024-47499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47499"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2024-39526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39526"
    },
    {
      "name": "CVE-2024-39547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39547"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2024-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47495"
    },
    {
      "name": "CVE-2019-20372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
    },
    {
      "name": "CVE-2016-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
    },
    {
      "name": "CVE-2021-23017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
    },
    {
      "name": "CVE-2024-47490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47490"
    },
    {
      "name": "CVE-2018-16845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
    },
    {
      "name": "CVE-2024-47491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47491"
    },
    {
      "name": "CVE-2017-7529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
    },
    {
      "name": "CVE-2024-39527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39527"
    },
    {
      "name": "CVE-2024-39563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39563"
    },
    {
      "name": "CVE-2024-47502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47502"
    },
    {
      "name": "CVE-2024-39516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39516"
    },
    {
      "name": "CVE-2024-47503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47503"
    },
    {
      "name": "CVE-2023-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
    },
    {
      "name": "CVE-2024-47506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47506"
    },
    {
      "name": "CVE-2023-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2016-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
    },
    {
      "name": "CVE-2024-47504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47504"
    },
    {
      "name": "CVE-2023-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-47507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47507"
    },
    {
      "name": "CVE-2024-47497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47497"
    }
  ],
  "initial_release_date": "2024-10-10T00:00:00",
  "last_revision_date": "2024-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0866",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88112",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-c-ares-1-18-1"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88121",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-a-race-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-47494"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88104",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88107",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-resolved-in-OpenSSL"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88105",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Connections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88134",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88123",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-Series-The-PFE-will-crash-on-running-specific-command-CVE-2024-47496"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88128",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88106",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Low-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88136",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Specific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resource-leak"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88110",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-Remote-Command-Execution-RCE-vulnerability-in-web-application-CVE-2024-39563"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88122",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-a-dual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-the-device-CVE-2024-47495"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88124",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-QFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-exhaustion-CVE-2024-47497"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88111",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-the-RE-CVE-2024-47489"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88108",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE-2024-39547"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88100",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGP-packet-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88131",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MX-with-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusion-scenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88099",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88135",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-OSS-component-nginx-resolved"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88102",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGP-packet-causes-RPD-crash-CVE-2024-39525"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88116",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crash-CVE-2024-47491"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88097",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-command-injection-vulnerability-in-OpenSSH-CVE-2023-51385"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88133",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-47503"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88137",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-A-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE-2024-47506"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88119",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5K-SRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causes-local-FPC-to-crash-CVE-2024-47493"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88103",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-Series-Receipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE-2024-39526"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88138",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88129",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-an-RPD-core-CVE-2024-47499"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88115",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-be-exhausted-CVE-2024-47490"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88120",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-Web-Multiple-vulnerabilities-resolved-in-PHP-software"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88132",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-TCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502"
    }
  ]
}

CERTFR-2021-AVI-719

Vulnerability from certfr_avis - Published: 2021-09-21 - Updated: 2021-09-21

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	tvOS versions antérieures à 15.0
Apple	N/A	iTunes pour Windows versions antérieures à 12.12
Apple	N/A	Xcode versions antérieures à 13.0
Apple	N/A	iPadOS versions antérieures à 15.0
Apple	N/A	watchOS versions antérieures à 8.0
Apple	N/A	iOS versions antérieures à 15.0
Apple	Safari	Safari versions antérieures à 15.0

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212818 du 20 septembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212819 du 20 septembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212816 du 20 septembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212817 du 20 septembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212814 du 20 septembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212815 du 20 septembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212817 du 20 septembre 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 13.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 15.0",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30850"
    },
    {
      "name": "CVE-2021-30849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30849"
    },
    {
      "name": "CVE-2021-30841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30841"
    },
    {
      "name": "CVE-2018-16844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16844"
    },
    {
      "name": "CVE-2021-30811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30811"
    },
    {
      "name": "CVE-2021-30837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30837"
    },
    {
      "name": "CVE-2016-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
    },
    {
      "name": "CVE-2021-30847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30847"
    },
    {
      "name": "CVE-2021-30835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30835"
    },
    {
      "name": "CVE-2018-16843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16843"
    },
    {
      "name": "CVE-2021-30855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30855"
    },
    {
      "name": "CVE-2019-20372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
    },
    {
      "name": "CVE-2016-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
    },
    {
      "name": "CVE-2021-30826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30826"
    },
    {
      "name": "CVE-2021-30846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30846"
    },
    {
      "name": "CVE-2021-30848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30848"
    },
    {
      "name": "CVE-2021-30854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30854"
    },
    {
      "name": "CVE-2018-16845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
    },
    {
      "name": "CVE-2021-30810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30810"
    },
    {
      "name": "CVE-2017-7529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
    },
    {
      "name": "CVE-2021-30819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30819"
    },
    {
      "name": "CVE-2021-30863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30863"
    },
    {
      "name": "CVE-2021-30815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30815"
    },
    {
      "name": "CVE-2021-30825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30825"
    },
    {
      "name": "CVE-2021-30857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30857"
    },
    {
      "name": "CVE-2021-30838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30838"
    },
    {
      "name": "CVE-2016-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
    },
    {
      "name": "CVE-2021-30851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30851"
    },
    {
      "name": "CVE-2013-0340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
    },
    {
      "name": "CVE-2021-30842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30842"
    },
    {
      "name": "CVE-2021-30843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30843"
    }
  ],
  "initial_release_date": "2021-09-21T00:00:00",
  "last_revision_date": "2021-09-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212817 du 20 septembre 2021",
      "url": "https://support.apple.com/en-us/HT212817"
    }
  ],
  "reference": "CERTFR-2021-AVI-719",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212818 du 20 septembre 2021",
      "url": "https://support.apple.com/en-us/HT212818"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212819 du 20 septembre 2021",
      "url": "https://support.apple.com/en-us/HT212819"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212816 du 20 septembre 2021",
      "url": "https://support.apple.com/en-us/HT212816"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212817 du 20 septembre 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212814 du 20 septembre 2021",
      "url": "https://support.apple.com/en-us/HT212814"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212815 du 20 septembre 2021",
      "url": "https://support.apple.com/en-us/HT212815"
    }
  ]
}

CNVD-2016-00962

Vulnerability from cnvd - Published: 2016-02-16

Title

nginx拒绝服务漏洞

Description

nginx是一款HTTP和反向代理服务器，也可以作为邮件代理服务器。 nginx中存在安全漏洞，允许远程攻击者可利用该漏洞提交特殊请求进行拒绝服务攻击。

Severity

中

Patch Name

nginx拒绝服务漏洞的补丁

Patch Description

nginx是一款HTTP和反向代理服务器，也可以作为邮件代理服务器。 nginx中存在安全漏洞，允许远程攻击者可利用该漏洞提交特殊请求进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://nginx.org/

Reference

http://www.securityfocus.com/bid/82230

Impacted products

Name
['Nginx nginx < 1.8.1', 'Nginx nginx 1.9.x(< 1.9.10)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "82230"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0747"
    }
  },
  "description": "nginx\u662f\u4e00\u6b3eHTTP\u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u3002\r\n\r\nnginx\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "nginx",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://nginx.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00962",
  "openTime": "2016-02-16",
  "patchDescription": "nginx\u662f\u4e00\u6b3eHTTP\u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u3002\r\n\r\nnginx\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "nginx\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Nginx nginx \u003c 1.8.1",
      "Nginx nginx 1.9.x(\u003c 1.9.10)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/82230",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-08",
  "title": "nginx\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2016-0747

Vulnerability from fkie_nvd - Published: 2016-02-15 19:59 - Updated: 2025-04-12 10:46

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html	Vendor Advisory
secalert@redhat.com	http://seclists.org/fulldisclosure/2021/Sep/36	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2016/dsa-3473	Third Party Advisory
secalert@redhat.com	http://www.securitytracker.com/id/1034869	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2892-1	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2016:1425	Third Party Advisory
secalert@redhat.com	https://bto.bluecoat.com/security-advisory/sa115	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1302589	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/201606-06	Third Party Advisory
secalert@redhat.com	https://support.apple.com/kb/HT212818	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Sep/36	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3473	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034869	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2892-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2016:1425	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa115	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1302589	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201606-06	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212818	Third Party Advisory

Impacted products

Vendor	Product	Version
f5	nginx	*
f5	nginx	*
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
opensuse	leap	42.1
opensuse	leap	42.1
apple	xcode	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB42AA9F-E2F7-471C-AAC1-953469630349",
              "versionEndExcluding": "1.8.1",
              "versionStartIncluding": "0.6.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90F693D-8EEF-4222-B562-67629C7C72DF",
              "versionEndExcluding": "1.9.10",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB279F6B-EE4C-4885-9CD4-657F6BD2548F",
              "versionEndExcluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution."
    },
    {
      "lang": "es",
      "value": "El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 no limita correctamente la resoluci\u00f3n CNAME, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos por el proceso trabajador) a trav\u00e9s de vectores relacionados con la resoluci\u00f3n de nombre arbitrario."
    }
  ],
  "id": "CVE-2016-0747",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-15T19:59:02.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3473"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034869"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2892-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1425"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa115"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201606-06"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2892-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201606-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212818"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-0747

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-0747

Aliases

CVE-2016-0747

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-0747",
    "description": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.",
    "id": "GSD-2016-0747",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-0747.html",
      "https://www.debian.org/security/2016/dsa-3473",
      "https://access.redhat.com/errata/RHSA-2016:1425",
      "https://ubuntu.com/security/CVE-2016-0747",
      "https://advisories.mageia.org/CVE-2016-0747.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-0747.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-0747"
      ],
      "details": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.",
      "id": "GSD-2016-0747",
      "modified": "2023-12-13T01:21:17.570219Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-0747",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "openSUSE-SU-2016:0371",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa115",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa115"
          },
          {
            "name": "GLSA-201606-06",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201606-06"
          },
          {
            "name": "1034869",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034869"
          },
          {
            "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
            "refsource": "MLIST",
            "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
          },
          {
            "name": "RHSA-2016:1425",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2016:1425"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
          },
          {
            "name": "DSA-3473",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3473"
          },
          {
            "name": "USN-2892-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2892-1"
          },
          {
            "name": "https://support.apple.com/kb/HT212818",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212818"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.8.1",
                "versionStartIncluding": "0.6.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.9.10",
                "versionStartIncluding": "1.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0747"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:0371",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
            },
            {
              "name": "USN-2892-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2892-1"
            },
            {
              "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
            },
            {
              "name": "DSA-3473",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3473"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa115",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa115"
            },
            {
              "name": "1034869",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1034869"
            },
            {
              "name": "GLSA-201606-06",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201606-06"
            },
            {
              "name": "RHSA-2016:1425",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1425"
            },
            {
              "name": "https://support.apple.com/kb/HT212818",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212818"
            },
            {
              "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-12-16T18:43Z",
      "publishedDate": "2016-02-15T19:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-0747 (GCVE-0-2016-0747)

GHSA-769V-GFHQ-G2W7

CERTFR-2016-AVI-039

Solution

CERTFR-2024-AVI-0866

Solutions

CERTFR-2021-AVI-719

Solution

CNVD-2016-00962

FKIE_CVE-2016-0747

GSD-2016-0747

Tags

Sightings

Nomenclature