Security Advisory

CVE-2016-4450 Nginx Vulnerabilities

Severity

Medium

Vendor

nginx, Cloud Foundry

Versions Affected

  • nginx before 1.10.1 and 1.11.x versions before 1.11.1
  • Cloud Foundry staticfile buildpack prior to version 1.3.9
  • Cloud Foundry cf-release prior to version 238

Description

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request that makes nginx write the client request body to a temporary file. The Cloud Foundry staticfile buildpack bundles nginx to serve static content, so applications staged with an affected buildpack version serve traffic through a vulnerable nginx until they are restaged with a fixed one.

Mitigation

Users are strongly encouraged to apply one of the mitigations below:

  • Upgrade to Cloud Foundry version 238 or later
  • Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection
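The following POSIX shell script is an added example, not part of the advisory or of the Cloud Foundry tooling. It classifies an nginx version string (for instance the banner printed by `nginx -v`) against the affected ranges above, checks a staticfile buildpack version against the 1.3.9 fix, and wraps `cf restage` for the applications an operator has identified; the app names and version strings it runs on are constructed for illustration, and deciding which apps rely on automated buildpack detection is left to the operator.

```shell
#!/bin/sh
# Added example (not from the advisory): version checks for CVE-2016-4450
# and a restage helper for the Cloud Foundry staticfile buildpack mitigation.

# version_lt A B -> exit 0 if dotted version A sorts before B.
# Compares up to three numeric components; missing components count as 0,
# so "1.10" == "1.10.0". Numeric, not lexical: 1.9.15 < 1.10.1.
version_lt() {
    IFS=. read -r a1 a2 a3 _ <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 _ <<EOF
$2
EOF
    a1=${a1:-0} a2=${a2:-0} a3=${a3:-0}
    b1=${b1:-0} b2=${b2:-0} b3=${b3:-0}
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
    [ "$a3" -lt "$b3" ]
}

# nginx_version_from_banner BANNER -> the version after "nginx/" in the
# output of `nginx -v` (which nginx prints on stderr), e.g.
# "nginx version: nginx/1.10.0" -> "1.10.0".
nginx_version_from_banner() {
    b=${1#*nginx/}
    printf '%s\n' "${b%% *}"
}

# nginx_affected VERSION -> 0 if VERSION is in the affected range
# (before 1.10.1, or 1.11.x before 1.11.1), 1 if fixed, 2 if unparseable.
# Accepts "1.10.0" or "nginx/1.10.0".
nginx_affected() {
    v=${1#nginx/}
    case "$v" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    if version_lt "$v" 1.10.1; then return 0; fi
    # 1.11.x before 1.11.1: at least 1.11.0 but below 1.11.1
    if ! version_lt "$v" 1.11.0 && version_lt "$v" 1.11.1; then return 0; fi
    return 1
}

# staticfile_buildpack_affected VERSION -> 0 if older than the fixed 1.3.9,
# 1 if fixed, 2 if unparseable.
staticfile_buildpack_affected() {
    case "$1" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    version_lt "$1" 1.3.9
}

# restage_apps APP... -> restage each named app so it is rebuilt with the
# currently installed buildpack. Requires the cf CLI and a logged-in session;
# the operator supplies the list of apps staged with automated detection.
restage_apps() {
    for app in "$@"; do
        cf restage "$app"
    done
}

# Demonstration on constructed inputs (no cf calls are made here).
for v in nginx/1.9.15 1.10.0 1.10.1 1.11.0 1.11.1 1.12.0; do
    if nginx_affected "$v"; then
        echo "$v: affected"
    else
        echo "$v: fixed"
    fi
done
for bp in 1.3.8 1.3.9; do
    if staticfile_buildpack_affected "$bp"; then
        echo "staticfile buildpack $bp: affected, upgrade and restage"
    else
        echo "staticfile buildpack $bp: fixed"
    fi
done
# Real use, on a host or container that has nginx:
#   nginx_affected "$(nginx_version_from_banner "$(nginx -v 2>&1)")" && echo vulnerable
# and after upgrading the buildpack:
#   restage_apps my-static-site docs-portal
```

The buildpack version can be read from `cf buildpacks` (the filename column carries it, e.g. `staticfile_buildpack-v1.3.9.zip`); the nginx check is useful on the staging cell or inside a running container, where `nginx -v` reports the binary actually serving the app.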

Cloud Foundry Foundation Security Team, AUTHOR