Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3896

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-3896
Last Modified 11 Sep 2013 02:00:45
Published 24 Nov 2009 12:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3896

Summary

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

Vulnerable Systems

Application

  • Nginx 0.1.0

  • Nginx 0.1.1

  • Nginx 0.1.10

  • Nginx 0.1.11

  • Nginx 0.1.12

  • Nginx 0.1.13

  • Nginx 0.1.14

  • Nginx 0.1.15

  • Nginx 0.1.16

  • Nginx 0.1.17

  • Nginx 0.1.18

  • Nginx 0.1.19

  • Nginx 0.1.2

  • Nginx 0.1.20

  • Nginx 0.1.21

  • Nginx 0.1.22

  • Nginx 0.1.23

  • Nginx 0.1.24

  • Nginx 0.1.25

  • Nginx 0.1.26

  • Nginx 0.1.27

  • Nginx 0.1.28

  • Nginx 0.1.29

  • Nginx 0.1.3

  • Nginx 0.1.30

  • Nginx 0.1.31

  • Nginx 0.1.32

  • Nginx 0.1.33

  • Nginx 0.1.34

  • Nginx 0.1.35

  • Nginx 0.1.36

  • Nginx 0.1.37

  • Nginx 0.1.38

  • Nginx 0.1.39

  • Nginx 0.1.4

  • Nginx 0.1.40

  • Nginx 0.1.41

  • Nginx 0.1.42

  • Nginx 0.1.43

  • Nginx 0.1.44

  • Nginx 0.1.45

  • Nginx 0.1.5

  • Nginx 0.1.6

  • Nginx 0.1.7

  • Nginx 0.1.8

  • Nginx 0.1.9

  • Nginx 0.2.0

  • Nginx 0.2.1

  • Nginx 0.2.2

  • Nginx 0.2.3

  • Nginx 0.2.4

  • Nginx 0.2.5

  • Nginx 0.2.6

  • Nginx 0.3.0

  • Nginx 0.3.1

  • Nginx 0.3.10

  • Nginx 0.3.11

  • Nginx 0.3.12

  • Nginx 0.3.13

  • Nginx 0.3.14

  • Nginx 0.3.15

  • Nginx 0.3.16

  • Nginx 0.3.17

  • Nginx 0.3.18

  • Nginx 0.3.19

  • Nginx 0.3.2

  • Nginx 0.3.20

  • Nginx 0.3.21

  • Nginx 0.3.22

  • Nginx 0.3.23

  • Nginx 0.3.24

  • Nginx 0.3.25

  • Nginx 0.3.26

  • Nginx 0.3.27

  • Nginx 0.3.28

  • Nginx 0.3.29

  • Nginx 0.3.3

  • Nginx 0.3.30

  • Nginx 0.3.31

  • Nginx 0.3.32

  • Nginx 0.3.33

  • Nginx 0.3.34

  • Nginx 0.3.35

  • Nginx 0.3.36

  • Nginx 0.3.37

  • Nginx 0.3.38

  • Nginx 0.3.39

  • Nginx 0.3.4

  • Nginx 0.3.40

  • Nginx 0.3.41

  • Nginx 0.3.42

  • Nginx 0.3.43

  • Nginx 0.3.44

  • Nginx 0.3.45

  • Nginx 0.3.46

  • Nginx 0.3.47

  • Nginx 0.3.48

  • Nginx 0.3.49

  • Nginx 0.3.5

  • Nginx 0.3.50

  • Nginx 0.3.51

  • Nginx 0.3.52

  • Nginx 0.3.53

  • Nginx 0.3.54

  • Nginx 0.3.55

  • Nginx 0.3.56

  • Nginx 0.3.57

  • Nginx 0.3.58

  • Nginx 0.3.59

  • Nginx 0.3.6

  • Nginx 0.3.60

  • Nginx 0.3.61

  • Nginx 0.3.7

  • Nginx 0.3.8

  • Nginx 0.3.9

  • Nginx 0.4.0

  • Nginx 0.4.1

  • Nginx 0.4.10

  • Nginx 0.4.11

  • Nginx 0.4.12

  • Nginx 0.4.13

  • Nginx 0.4.2

  • Nginx 0.4.3

  • Nginx 0.4.4

  • Nginx 0.4.5

  • Nginx 0.4.6

  • Nginx 0.4.7

  • Nginx 0.4.8

  • Nginx 0.4.9

  • Nginx 0.5.0

  • Nginx 0.5.1

  • Nginx 0.5.10

  • Nginx 0.5.11

  • Nginx 0.5.12

  • Nginx 0.5.13

  • Nginx 0.5.14

  • Nginx 0.5.15

  • Nginx 0.5.16

  • Nginx 0.5.17

  • Nginx 0.5.18

  • Nginx 0.5.19

  • Nginx 0.5.2

  • Nginx 0.5.20

  • Nginx 0.5.21

  • Nginx 0.5.22

  • Nginx 0.5.23

  • Nginx 0.5.24

  • Nginx 0.5.25

  • Nginx 0.5.26

  • Nginx 0.5.27

  • Nginx 0.5.28

  • Nginx 0.5.29

  • Nginx 0.5.3

  • Nginx 0.5.30

  • Nginx 0.5.31

  • Nginx 0.5.32

  • Nginx 0.5.33

  • Nginx 0.5.34

  • Nginx 0.5.35

  • Nginx 0.5.36

  • Nginx 0.5.37

  • Nginx 0.5.4

  • Nginx 0.5.5

  • Nginx 0.5.6

  • Nginx 0.5.7

  • Nginx 0.5.8

  • Nginx 0.5.9

  • Nginx 0.6.0

  • Nginx 0.6.1

  • Nginx 0.6.10

  • Nginx 0.6.11

  • Nginx 0.6.12

  • Nginx 0.6.13

  • Nginx 0.6.14

  • Nginx 0.6.15

  • Nginx 0.6.1516

  • Nginx 0.6.17

  • Nginx 0.6.18

  • Nginx 0.6.19

  • Nginx 0.6.2

  • Nginx 0.6.20

  • Nginx 0.6.21

  • Nginx 0.6.22

  • Nginx 0.6.23

  • Nginx 0.6.24

  • Nginx 0.6.25

  • Nginx 0.6.26

  • Nginx 0.6.27

  • Nginx 0.6.28

  • Nginx 0.6.29

  • Nginx 0.6.3

  • Nginx 0.6.30

  • Nginx 0.6.31

  • Nginx 0.6.32

  • Nginx 0.6.33

  • Nginx 0.6.34

  • Nginx 0.6.35

  • Nginx 0.6.36

  • Nginx 0.6.37

  • Nginx 0.6.38

  • Nginx 0.6.4

  • Nginx 0.6.5

  • Nginx 0.6.6

  • Nginx 0.6.7

  • Nginx 0.6.8

  • Nginx 0.6.9

  • Nginx 0.7.0

  • Nginx 0.7.1

  • Nginx 0.7.10

  • Nginx 0.7.11

  • Nginx 0.7.12

  • Nginx 0.7.13

  • Nginx 0.7.14

  • Nginx 0.7.15

  • Nginx 0.7.16

  • Nginx 0.7.17

  • Nginx 0.7.18

  • Nginx 0.7.19

  • Nginx 0.7.2

  • Nginx 0.7.20

  • Nginx 0.7.21

  • Nginx 0.7.22

  • Nginx 0.7.23

  • Nginx 0.7.24

  • Nginx 0.7.25

  • Nginx 0.7.26

  • Nginx 0.7.27

  • Nginx 0.7.28

  • Nginx 0.7.29

  • Nginx 0.7.3

  • Nginx 0.7.30

  • Nginx 0.7.31

  • Nginx 0.7.32

  • Nginx 0.7.33

  • Nginx 0.7.34

  • Nginx 0.7.35

  • Nginx 0.7.36

  • Nginx 0.7.37

  • Nginx 0.7.38

  • Nginx 0.7.39

  • Nginx 0.7.4

  • Nginx 0.7.40

  • Nginx 0.7.41

  • Nginx 0.7.42

  • Nginx 0.7.43

  • Nginx 0.7.44

  • Nginx 0.7.45

  • Nginx 0.7.46

  • Nginx 0.7.47

  • Nginx 0.7.48

  • Nginx 0.7.49

  • Nginx 0.7.5

  • Nginx 0.7.50

  • Nginx 0.7.51

  • Nginx 0.7.52

  • Nginx 0.7.53

  • Nginx 0.7.54

  • Nginx 0.7.55

  • Nginx 0.7.56

  • Nginx 0.7.57

  • Nginx 0.7.58

  • Nginx 0.7.59

  • Nginx 0.7.6

  • Nginx 0.7.60

  • Nginx 0.7.61

  • Nginx 0.7.7

  • Nginx 0.7.8

  • Nginx 0.7.9

  • Nginx 0.8.0

  • Nginx 0.8.1

  • Nginx 0.8.10

  • Nginx 0.8.11

  • Nginx 0.8.12

  • Nginx 0.8.13

  • Nginx 0.8.14

  • Nginx 0.8.2

  • Nginx 0.8.3

  • Nginx 0.8.4

  • Nginx 0.8.5

  • Nginx 0.8.6

  • Nginx 0.8.7

  • Nginx 0.8.8

  • Nginx 0.8.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=539565

BID - 36839

MLIST - [oss-security] 20091123 Re: CVEs for nginx

MLIST - [oss-security] 20091120 CVE Assignment nginx

MLIST - [oss-security] 20091120 CVEs for nginx

CONFIRM - http://sysoev.ru/nginx/patch.null.pointer.txt

FEDORA - FEDORA-2009-12782

FEDORA - FEDORA-2009-12775

FEDORA - FEDORA-2009-12750

DEBIAN - DSA-1920

CONFIRM - http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz

MLIST - [nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035

GENTOO - GLSA-201203-22

SECUNIA - 48577


Last Updated: 27 May 2016 10:56:30