============================================================
Product: Nginx
URL: http://nginx.org
CVE Number: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
Impact: Low / Medium
Date: 2018-11-10
============================================================

Product Description:
-------------------

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 25.28% of the busiest sites in October 2018.

Vulnerability Description:
-------------------------

Two security issues were identified in the nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845).
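
A server is only exposed to these issues when the affected feature is enabled in its configuration: the `http2` parameter of `listen` for the HTTP/2 issues, and the `mp4` directive for the mp4 module issue. The following exposure check is an added example, not part of the advisory or of nginx; it scans the output of `nginx -T`, and the function name `find_exposure` and the sample dump are assumptions constructed for illustration.

```python
import re

# `nginx -T` prefixes each dumped file with this header line.
FILE_MARK = re.compile(r"^# configuration file (.+):$")

def find_exposure(dump):
    """Return (cve, file, line, directive) for each enabled affected feature."""
    findings = []
    path, lineno, stmt, start = "<input>", 0, "", 0
    for raw in dump.splitlines():
        m = FILE_MARK.match(raw.strip())
        if m:                                  # new file: restart line count
            path, lineno, stmt = m.group(1), 0, ""
            continue
        lineno += 1
        line = raw.split("#", 1)[0]            # drop comments ('#' in quotes not handled)
        for piece in re.split(r"([;{}])", line):
            if piece in (";", "{", "}"):       # end of a directive or block header
                words = stmt.split()
                if piece == ";" and words:
                    if words[0] == "listen" and "http2" in words[1:]:
                        findings.append(("CVE-2018-16843/16844", path, start, " ".join(words)))
                    elif words == ["mp4"]:
                        findings.append(("CVE-2018-16845", path, start, "mp4"))
                stmt = ""
            elif piece.strip():
                if not stmt.strip():
                    start = lineno             # line where the directive begins
                stmt += " " + piece
    return findings

# Constructed sample of `nginx -T` output (hypothetical paths and servers).
SAMPLE = """\
# configuration file /etc/nginx/nginx.conf:
http {
    include conf.d/*.conf;
}
# configuration file /etc/nginx/conf.d/site.conf:
server {
    listen 443 ssl
           http2;          # directive split across lines
    # listen 8443 ssl http2;
    location /video/ {
        mp4;
        mp4_buffer_size 1m;
    }
}
server { listen 80; }
"""

if __name__ == "__main__":
    for finding in find_exposure(SAMPLE):
        print(*finding, sep=" | ")
```

A hit means the feature is enabled, not that the running binary is unpatched; compare the installed version against the fixed releases named in the referenced announcements.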

Reference(s):
------------

http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html

About Us:
--------

RACK911 Labs (HostingSecList) has quickly risen to the top as one of the most respected security firms in the hosting industry. We have already been responsible for finding over 400 new security vulnerabilities in software used by millions and we are on a mission to help secure the internet.

https://www.RACK911Labs.com

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911
