nginx security advisories

nginx


english
עברית
русский
türkçe

news
about
download
security advisories
documentation
introduction
howto
faq
wiki
links
books
support

Igor Sysoev’s PGP public key.

  • Vulnerabilities with invalid UTF-8 sequence on Windows
    Severity: major
    CVE-2010-2266
    Not vulnerable: 0.8.41+, 0.7.67+
    Vulnerable: nginx/Windows 0.7.52-0.8.40

  • Vulnerabilities with Windows file default stream
    Severity: major
    CVE-2010-2263
    Not vulnerable: 0.8.40+, 0.7.66+
    Vulnerable: nginx/Windows 0.7.52-0.8.39

  • Vulnerabilities with Windows 8.3 filename pseudonyms
    Severity: major
    CORE-2010-0121
    Not vulnerable: 0.8.33+, 0.7.65+
    Vulnerable: nginx/Windows 0.7.52-0.8.32

  • An error log data are not sanitized
    Severity: none
    CVE-2009-4487
    Not vulnerable: none
    Vulnerable: all

  • The renegotiation vulnerability in SSL protocol
    Severity: major
    VU#120541  CVE-2009-3555
    Not vulnerable: 0.8.23+, 0.7.64+
    Vulnerable: 0.1.0-0.8.22
    The patch  pgp

  • Directory traversal vulnerability
    Severity: minor
    CVE-2009-3898
    Not vulnerable: 0.8.17+, 0.7.63+
    Vulnerable: 0.1.0-0.8.16

  • Buffer underflow vulnerability
    Severity: major
    VU#180065  CVE-2009-2629
    Not vulnerable: 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.14
    The patch  pgp

  • Null pointer dereference vulnerability
    Severity: major
    CVE-2009-3896
    Not vulnerable: 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.13
    The patch  pgp