Release date:
Updated on:
Affected Systems:
Nginx 1.5.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67507
CVE (CAN) ID: CVE-2014-0088
Nginx is an HTTP and reverse proxy server. It is also used as a mail proxy server and compiled by Igor Sysoev.
When nginx SPDY Implementation 1.5.10 runs on a 32-bit platform, the ngx_http_spdy_module stores the SPDY Implementation, allowing remote attackers to execute arbitrary code with specially crafted requests.
<* Source: Lucas Molas
Link: http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Nginx
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://nginx.org/download/patch.2014.spdy.txt
Deployment of Nginx + MySQL + PHP in CentOS 6.2
Build a WEB server using Nginx
Build a Web server based on Linux6.3 + Nginx1.2 + PHP5 + MySQL5.5
Performance Tuning for Nginx in CentOS 6.3
Configure Nginx to load the ngx_pagespeed module in CentOS 6.3
Install and configure Nginx + Pcre + php-fpm in CentOS 6.4
Build a Video-on-Demand Server using Nginx (simulation of professional streaming media software)
Nginx details: click here
Nginx: click here
This article permanently updates the link address: