Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0133

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2014-0133
Last Modified 03 Jun 2015 09:59:17
Published 28 Mar 2014 11:55:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-0133

Summary

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

Application

  • Igor Sysoev Nginx 1.3.15

  • Igor Sysoev Nginx 1.3.16

  • Igor Sysoev Nginx 1.4.0

  • Igor Sysoev Nginx 1.4.1

  • Igor Sysoev Nginx 1.4.2

  • Igor Sysoev Nginx 1.4.3

  • Igor Sysoev Nginx 1.5.0

  • Igor Sysoev Nginx 1.5.1

  • Igor Sysoev Nginx 1.5.10

  • Igor Sysoev Nginx 1.5.11

  • Igor Sysoev Nginx 1.5.2

  • Igor Sysoev Nginx 1.5.3

  • Igor Sysoev Nginx 1.5.4

  • Igor Sysoev Nginx 1.5.5

  • Igor Sysoev Nginx 1.5.6

  • Igor Sysoev Nginx 1.5.7

  • Igor Sysoev Nginx 1.5.8

  • Igor Sysoev Nginx 1.5.9


References

MLIST - [nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)

SUSE - openSUSE-SU-2014:0450

BID - 66537


Last Updated: 27 May 2016 11:04:48