Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5371-1.NASL
HistoryApr 12, 2022 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-5371-1)

2022-04-1200:00:00
Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
86

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5371-1 advisory.

  • An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. (CVE-2020-11724)

  • ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. (CVE-2020-36309)

  • ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross- protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. (CVE-2021-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5371-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159690);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/16");

  script_cve_id("CVE-2020-11724", "CVE-2020-36309", "CVE-2021-3618");
  script_xref(name:"USN", value:"5371-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-5371-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-5371-1 advisory.

  - An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request
    smuggling, as demonstrated by the ngx.location.capture API. (CVE-2020-11724)

  - ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an
    argument when using the API to mutate a URI, or a request or response header. (CVE-2020-36309)

  - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing
    different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A
    MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one
    subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-
    protocol attacks may be possible where the behavior of one protocol service may compromise the other at
    the application layer. (CVE-2021-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5371-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3618");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-11724");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-auth-pam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-cache-purge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-dav-ext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-echo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-fancyindex");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-geoip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-geoip2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-headers-more-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-image-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-lua");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-ndk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-subs-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-uploadprogress");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-upstream-fair");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-xslt-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-nchan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-rtmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-stream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nginx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nginx-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nginx-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nginx-extras");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nginx-full");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nginx-light");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'nginx', 'pkgver': '1.10.3-0ubuntu0.16.04.5+esm3'},
    {'osver': '16.04', 'pkgname': 'nginx-common', 'pkgver': '1.10.3-0ubuntu0.16.04.5+esm3'},
    {'osver': '16.04', 'pkgname': 'nginx-core', 'pkgver': '1.10.3-0ubuntu0.16.04.5+esm3'},
    {'osver': '16.04', 'pkgname': 'nginx-extras', 'pkgver': '1.10.3-0ubuntu0.16.04.5+esm3'},
    {'osver': '16.04', 'pkgname': 'nginx-full', 'pkgver': '1.10.3-0ubuntu0.16.04.5+esm3'},
    {'osver': '16.04', 'pkgname': 'nginx-light', 'pkgver': '1.10.3-0ubuntu0.16.04.5+esm3'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-auth-pam', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-cache-purge', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-dav-ext', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-echo', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-fancyindex', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-geoip', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-headers-more-filter', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-image-filter', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-lua', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-ndk', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-perl', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-subs-filter', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-uploadprogress', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-upstream-fair', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-http-xslt-filter', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-mail', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-nchan', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-rtmp', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'libnginx-mod-stream', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'nginx', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'nginx-common', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'nginx-core', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'nginx-extras', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'nginx-full', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '18.04', 'pkgname': 'nginx-light', 'pkgver': '1.14.0-0ubuntu1.10'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-auth-pam', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-cache-purge', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-dav-ext', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-echo', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-fancyindex', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-geoip', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-geoip2', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-headers-more-filter', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-image-filter', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-lua', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-ndk', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-perl', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-subs-filter', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-uploadprogress', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-upstream-fair', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-http-xslt-filter', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-mail', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-nchan', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-rtmp', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'libnginx-mod-stream', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'nginx', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'nginx-common', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'nginx-core', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'nginx-extras', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'nginx-full', 'pkgver': '1.18.0-0ubuntu1.3'},
    {'osver': '20.04', 'pkgname': 'nginx-light', 'pkgver': '1.18.0-0ubuntu1.3'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnginx-mod-http-auth-pam / libnginx-mod-http-cache-purge / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxlibnginx-mod-http-auth-pamp-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-auth-pam
canonicalubuntu_linuxlibnginx-mod-http-cache-purgep-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-cache-purge
canonicalubuntu_linuxlibnginx-mod-http-dav-extp-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-dav-ext
canonicalubuntu_linuxlibnginx-mod-http-echop-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-echo
canonicalubuntu_linuxlibnginx-mod-http-fancyindexp-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-fancyindex
canonicalubuntu_linuxlibnginx-mod-http-geoipp-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-geoip
canonicalubuntu_linuxlibnginx-mod-http-geoip2p-cpe:/a:canonical:ubuntu_linux:libnginx-mod-http-geoip2
Rows per page:
1-10 of 291

Related

ubuntu 4
openvas 26
osv 12
veracode 3
cvelist 3
ubuntucve 3
debiancve 3
prion 3
nvd 3
cve 3
debian 4
nessus 31
fedora 4
mageia 1
redos 3
amazon 1
cbl_mariner 5
redhatcve 1
ibm 5
altlinux 2
cloudlinux 1
rosalinux 1
f5 1
suse 2
alpinelinux 1
photon 9
ubuntu
ubuntu
nginx vulnerabilities
2022-04-12 00:00:00
nginx vulnerability
2022-10-07 00:00:00
nginx vulnerability
2022-04-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5371-1)
2022-04-14 00:00:00
Ubuntu: Security Advisory (USN-5371-2)
2022-04-29 00:00:00
Ubuntu: Security Advisory (USN-5371-3)
2022-10-10 00:00:00
osv
osv
nginx vulnerability
2022-10-07 13:05:55
nginx vulnerabilities
2022-04-12 15:48:57
nginx vulnerability
2022-04-28 08:34:24
veracode
veracode
Authentication Bypass
2022-04-16 19:11:37
HTTP Request Smuggling
2020-12-06 04:39:35
Access Restriction Bypass
2022-04-16 19:23:44
cvelist
cvelist
CVE-2020-36309
2021-04-06 17:32:45
CVE-2020-11724
2020-04-12 20:55:26
CVE-2021-3618
2022-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2020-36309
2021-04-06 00:00:00
CVE-2020-11724
2020-04-12 00:00:00
CVE-2021-3618
2022-03-23 00:00:00
debiancve
debiancve
CVE-2020-36309
2021-04-06 19:15:13
CVE-2020-11724
2020-04-12 21:15:10
CVE-2021-3618
2022-03-23 20:15:09
prion
prion
Cross site request forgery (csrf)
2021-04-06 19:15:00
Design/Logic Flaw
2020-04-12 21:15:00
Design/Logic Flaw
2022-03-23 20:15:00
nvd
nvd
CVE-2020-36309
2021-04-06 19:15:13
CVE-2020-11724
2020-04-12 21:15:10
CVE-2021-3618
2022-03-23 20:15:09
cve
cve
CVE-2020-36309
2021-04-06 19:15:13
CVE-2020-11724
2020-04-12 21:15:10
CVE-2021-3618
2022-03-23 20:15:09
debian
debian
[SECURITY] [DSA 4750-1] nginx security update
2020-08-26 16:58:14
[SECURITY] [DLA 2283-1] nginx security update
2020-07-20 13:17:38
[SECURITY] [DSA 4750-1] nginx security update
2020-08-26 16:58:14
nessus
nessus
Ubuntu 16.04 ESM : nginx vulnerability (USN-5371-3)
2022-10-08 00:00:00
Debian DLA-2283-1 : nginx security update
2020-07-21 00:00:00
Debian DSA-4750-1 : nginx - security update
2020-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nginx-1.20.1-3.fc33
2021-07-04 01:09:18
[SECURITY] Fedora 34 Update: vsftpd-3.0.3-43.fc34
2021-10-21 16:53:35
[SECURITY] Fedora 34 Update: nginx-1.20.1-3.fc34
2021-07-04 01:08:03
mageia
mageia
Updated nginx/vsftpd packages fix security vulnerability
2021-12-08 23:04:18
redos
redos
ROS-20220125-08
2022-01-25 00:00:00
ROS-20220125-02
2022-01-25 00:00:00
ROS-20220112-03
2022-01-12 00:00:00
amazon
amazon
Medium: vsftpd
2024-01-19 01:51:00
cbl_mariner
cbl_mariner
CVE-2021-3618 affecting package nginx 1.20.1-2
2022-05-12 02:16:38
CVE-2021-3618 affecting package vsftpd for versions less than 3.0.5-1
2022-04-26 19:57:40
CVE-2021-3618 affecting package sendmail 8.15.2-46
2024-07-01 15:26:49
redhatcve
redhatcve
CVE-2021-3618
2021-06-24 06:25:59
ibm
ibm
Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager
2021-09-16 18:10:44
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx
2022-08-03 19:30:33
Security Bulletin: A security vulnerability in NGINX affects IBM Cloud Pak for Multicloud Management Managed Services
2021-11-09 18:19:49
altlinux
altlinux
Security fix for the ALT Linux 10 package nginx version 1.22.0-alt1
2022-07-14 00:00:00
Security fix for the ALT Linux 9 package nginx version 1.22.0-alt1
2022-07-15 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3618
2022-04-11 16:46:59
rosalinux
rosalinux
Advisory ROSA-SA-2023-2269
2023-10-22 06:05:16
f5
f5
K000132639 : ALPACA: TLS vulnerability CVE-2021-3618
2023-02-17 00:00:00
suse
suse
Security update for vsftpd (important)
2022-09-28 00:00:00
Security update for vsftpd (important)
2022-09-20 00:00:00
alpinelinux
alpinelinux
CVE-2021-3618
2022-03-23 20:15:09
photon
photon
Important Photon OS Security Update - PHSA-2022-0172
2022-04-15 00:00:00
Important Photon OS Security Update - PHSA-2022-0381
2022-04-12 00:00:00
Critical Photon OS Security Update - PHSA-2022-0173
2022-04-21 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON
Related for UBUNTU_USN-5371-1.NASL
ubuntu4openvas26osv12veracode3cvelist3ubuntucve3debiancve3prion3nvd3cve3debian4nessus31fedora4mageia1redos3amazon1cbl_mariner5redhatcve1ibm5altlinux2cloudlinux1rosalinux1f51suse2alpinelinux1photon9