PT-2019-8800 · Nginx · Nginx
Published 2019-03-07 · Updated 2019-03-18 · CVE-2018-11783
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
nginx versions 6.0.0 through 6.0.3
nginx versions 7.0.0 through 7.1.5
nginx versions 8.0.0 through 8.0.1
Description
The issue arises from the sslheaders plugin, which extracts client certificate information and sets request headers based on its configuration. However, in certain scenarios, the plugin fails to strip these headers from the request.
Recommendations
For versions 6.0.0 through 6.0.3, update to a version outside of this range to resolve the issue.
For versions 7.0.0 through 7.1.5, update to a version outside of this range to resolve the issue.
For versions 8.0.0 through 8.0.1, update to a version outside of this range to resolve the issue.
Fix
Information Disclosure
Weakness Enumeration
Related identifiers
Affected products
Nginx