Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-63)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120585

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-63)

Resumen: The remote host is missing an update announced via the referenced Security Advisory.

Descripción: Summary:
The remote host is missing an update announced via the referenced Security Advisory.

Vulnerability Insight:
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Solution:
Run yum update nginx to update your system.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1180
BugTraq ID: 52578
http://www.securityfocus.com/bid/52578
Bugtraq: 20120315 nginx fix for malformed HTTP responses from upstream servers (Google Search)
http://seclists.org/bugtraq/2012/Mar/65
Debian Security Information: DSA-2434 (Google Search)
http://www.debian.org/security/2012/dsa-2434
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html
http://security.gentoo.org/glsa/glsa-201203-22.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:043
https://bugzilla.redhat.com/show_bug.cgi?id=803856
http://www.openwall.com/lists/oss-security/2012/03/15/5
http://www.openwall.com/lists/oss-security/2012/03/15/9
http://osvdb.org/80124
http://www.securitytracker.com/id?1026827
http://secunia.com/advisories/48465
http://secunia.com/advisories/48577
SuSE Security Announcement: openSUSE-SU-2012:0469 (Google Search)
https://hermes.opensuse.org/messages/14173096
XForce ISS Database: nginx-ngxcpystrn-info-disclosure(74191)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74191

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120585
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-63)
Resumen:	The remote host is missing an update announced via the referenced Security Advisory.
Descripción:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Solution: Run yum update nginx to update your system. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1180 BugTraq ID: 52578 http://www.securityfocus.com/bid/52578 Bugtraq: 20120315 nginx fix for malformed HTTP responses from upstream servers (Google Search) http://seclists.org/bugtraq/2012/Mar/65 Debian Security Information: DSA-2434 (Google Search) http://www.debian.org/security/2012/dsa-2434 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html http://security.gentoo.org/glsa/glsa-201203-22.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:043 https://bugzilla.redhat.com/show_bug.cgi?id=803856 http://www.openwall.com/lists/oss-security/2012/03/15/5 http://www.openwall.com/lists/oss-security/2012/03/15/9 http://osvdb.org/80124 http://www.securitytracker.com/id?1026827 http://secunia.com/advisories/48465 http://secunia.com/advisories/48577 SuSE Security Announcement: openSUSE-SU-2012:0469 (Google Search) https://hermes.opensuse.org/messages/14173096 XForce ISS Database: nginx-ngxcpystrn-info-disclosure(74191) https://exchange.xforce.ibmcloud.com/vulnerabilities/74191
Copyright	Copyright (C) 2015 Eero Volotinen