CVE-2013-4547 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
f5	nginx	0.8.41 ≤ 𝑥 < 1.4.4
f5	nginx	1.5.0 ≤ 𝑥 ≤ 1.5.6
suse	lifecycle_management_server	1.3
suse	studio_onsite	1.3
suse	webyast	1.3
opensuse	opensuse	11.4
opensuse	opensuse	12.2
opensuse	opensuse	12.3
opensuse	opensuse	13.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nginx

bullseye	1.18.0-6.1+deb11u3 fixed
bullseye (security)	1.18.0-6.1+deb11u3 fixed
squeeze	not-affected
bookworm	1.22.1-9 fixed
sid	1.26.0-3 fixed
trixie	1.26.0-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

nginx

saucy	Fixed 1.4.1-3ubuntu1.1 released
raring	Fixed 1.2.6-1ubuntu3.3 released
quantal	Fixed 1.2.1-2.2ubuntu0.2 released
precise	Fixed 1.1.19-1ubuntu0.5 released
lucid	ignored

Common Weakness Enumeration

CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html

http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html

http://secunia.com/advisories/55757

http://secunia.com/advisories/55822

http://secunia.com/advisories/55825

http://www.debian.org/security/2012/dsa-2802

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html

http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html

http://secunia.com/advisories/55757

http://secunia.com/advisories/55822

http://secunia.com/advisories/55825

http://www.debian.org/security/2012/dsa-2802