A vulnerability was found in Nginx up to 1.13.5 (Web Server) and classified as critical. This issue affects an unknown code block of the component Autoindex Module. Upgrading to version 1.13.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Nginx up to 1.13.5 Autoindex Module integer overflow
- Virtual Patching
- June 10, 2021
- 11:08 pm
CVE-2022-1183 : Destroying a TLS session early causes assertion failure
Description On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those
CVE-2022-30049 : SSRF Vulnerability
Description A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet
CVE-2022-24878 : Improper Path Handling In Kustomization Files Allows For Denial Of Service
Description The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user