mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
206 lines
6.5 KiB
JSON
206 lines
6.5 KiB
JSON
{
|
|
"id": "CVE-2024-31079",
|
|
"sourceIdentifier": "f5sirt@f5.com",
|
|
"published": "2024-05-29T16:15:09.800",
|
|
"lastModified": "2025-01-24T16:01:04.653",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause\u00a0other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Cuando NGINX Plus o NGINX OSS est\u00e1n configurados para usar el m\u00f3dulo HTTP/3 QUIC, las solicitudes HTTP/3 no divulgadas pueden hacer que los procesos de trabajo de NGINX finalicen o causen otros impactos potenciales. Este ataque requiere que una solicitud se programe espec\u00edficamente durante el proceso de drenaje de la conexi\u00f3n, sobre el cual el atacante no tiene visibilidad y tiene influencia limitada."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "f5sirt@f5.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
|
|
"baseScore": 4.8,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW"
|
|
},
|
|
"exploitabilityScore": 2.2,
|
|
"impactScore": 2.5
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
|
|
"baseScore": 4.8,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW"
|
|
},
|
|
"exploitabilityScore": 2.2,
|
|
"impactScore": 2.5
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "f5sirt@f5.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-121"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "1.25.0",
|
|
"versionEndExcluding": "1.26.1",
|
|
"matchCriteriaId": "CA79B55D-E494-4961-81C6-80363BE46FE0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4EBEC829-7EED-487E-974D-BBA704DFBF0A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D0648596-D1F5-4A7A-B7F8-104E3AF26317"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9D5BB4C0-B862-4CDD-AA54-1BC1BDF27005"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4",
|
|
"source": "f5sirt@f5.com",
|
|
"tags": [
|
|
"Mailing List"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/",
|
|
"source": "f5sirt@f5.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/",
|
|
"source": "f5sirt@f5.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://my.f5.com/manage/s/article/K000139611",
|
|
"source": "f5sirt@f5.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Mailing List"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://my.f5.com/manage/s/article/K000139611",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |