Version Disclosure (nginx) #15
Comments
|
I found a 403 forbidden page which is diclosing nginx version too. |
|
These are the known vulnerabilites of this version: nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain $index_allocation sequences in a request. External References 2.nginx Restriction Bypass Vulnerability nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. External References 3.nginx Request Line Parsing Vulnerability nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. External References 4.Nginx Plaintext Command Injection Attack The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a 'plaintext command injection' attack, a similar issue to CVE-2011-0411. External References 5.Nginx SSL Virtual Host Confusion Attacks nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct 'virtual host confusion' attacks. External References |
|
Thanks for reporting this. Have you tried exploiting these vulnerabilities? All relevant patches have most likely been backported by Debian's security team. |
|
No. I have'nt tried to exploit these vulnerabilities yet. Is my report is
eligible for bounty or swag. Thankyou for quick response, Appreciated!
…On Tuesday, April 11, 2017, Ivan Kwiatkowski ***@***.***> wrote:
Thanks for reporting this. Have you tried exploiting these
vulnerabilities? All relevant patches have most likely been backported by
Debian's security team.
I might just disable server tokens anyway, because I'm getting too many
reports based just on the version number.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#15 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AX3DcJ43bLDIDT2iZTYi-eL1tMgJsGZoks5ru4D3gaJpZM4M5eYz>
.
|
|
As mentioned in the bug bounty rule page, exploitability needs to be demonstrated. A simple application version is not sufficient to indicate a vulnerability as security patches may be backported by distribution maitainers.
Please accept this free Manalyzer logo as thanks for banner grabbing my server: |
|
There's no exploit for version disclosures.. And information or server
disclosures are eligible for bounty or swag. If you think that this is not
a eligible for swag or bounty than it's up to you.
Kind regards,
Mahad Ahmed Siddqui
…On Tuesday, April 11, 2017, Ivan Kwiatkowski ***@***.***> wrote:
As mentioned in the bug bounty <https://manalyzer.org/bounty> rule page, *exploitability
needs to be demonstrated*. You're welcome to try and exploit the
vulnerabilities you reported.
Is my report is eligible for bounty or swag.
Please accept this free Manalyzer logo as thanks for banner grabbing my
server:
[image: Manalyzer logo]
<https://camo.githubusercontent.com/962890f2837344b9d35f042a0dd14ff24d911171/68747470733a2f2f6d616e616c797a65722e6f72672f7374617469632f6c6f676f2f6c6f676f5f736d616c6c2e706e67>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#15 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AX3DcIyEHzdgchup0p8y1-BBwIBDtb7tks5ru6wfgaJpZM4M5eYz>
.
|
|
To quote the bug bounty rules again : Information disclosures are eligible for bounty or swag if and only if the rules say they do, and they specifically indicate otherwise. |
|
I think actual security impact will be rewarded with money.. It means my
report is eligible for swag or hall of fame?
…On Tuesday, April 11, 2017, Ivan Kwiatkowski ***@***.***> wrote:
To quote the bug bounty rules again :
Security issues in the manalyzer.org machine are eligible as well.
However, only bugs which have an *actual security impact* will be
rewarded with money. (Emphasis also in the original document)
Information disclosures are eligible for bounty or swag if and only if the
rules say they do, and they specifically indicate otherwise.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#15 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AX3DcJGLWcEO0nSX6fG51dzAjijIDORqks5ru7EbgaJpZM4M5eYz>
.
|
|
You just got swag (a free copy of the manalyzer logo). |
Hello team,
I've detected a version disclosure (Nginx) in the target web server's HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.
URL: https://manalyzer.org/
HTTP Response:
HTTP/1.1 200 OK
Server: nginx/1.2.1
Connection: keep-alive
Content-Encoding:
Strict-Transport-Security: max-age=15768000
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Date: Tue, 11 Apr 2017 00:02:26 GMT
identified version: 1.2.1
and you are using an out-of-date version of Nginx. Since this is an old version of the software, it may be vulnerable to attacks.
The text was updated successfully, but these errors were encountered: