Details of VAR-200909-0582

ID

VAR-200909-0582

TITLE

Nginx proxy DNS cache domain spoofing vulnerability

Trust: 0.9

sources: CNVD: CNVD-2009-5001 // BID: 36438

DESCRIPTION

Nginx is a multi-platform HTTP server and mail proxy server. Nginx maintains an internal DNS cache for the parsed domain name, but in the search cache, nginx only checks if the name's crc32 matches and the short name is a long name prefix, but does not check if the names are equal in length. If nginx is configured as a proxy cache, the remote attacker can spoof the domain name through DNS poisoning attacks, tricking the user into believing that the domain name being accessed is legitimate. This issue can be exploited when nginx is configured to act as a forward proxy, but this is a nonstandard and unsupported configuration. Attacks against other configurations may also be possible. Successful exploits may allow remote attackers to intercept traffic intended for legitimate websites, which may aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2009-5001 // BID: 36438

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2009-5001

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.8.15	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.8.14	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.7.62	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.7.61	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.6.39	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.6.38	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.5.38	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0.5.37	Trust: 0.3
vendor:	igor	model:	sysoev nginx	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2009-5001 // BID: 36438

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2009-5001
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2009-5001
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2009-5001

THREAT TYPE

network

Trust: 0.3

sources: BID: 36438

TYPE

Design Error

Trust: 0.3

sources: BID: 36438

EXTERNAL IDS

db:	BID	id:	36438	Trust: 0.9
db:	CNVD	id:	CNVD-2009-5001	Trust: 0.6

sources: CNVD: CNVD-2009-5001 // BID: 36438

REFERENCES

url:	http://marc.info/?l=nginx&m=125314374727296&w=2	Trust: 0.6
url:	http://nginx.org/	Trust: 0.3
url:	/archive/1/506541	Trust: 0.3
url:	/archive/1/506543	Trust: 0.3

sources: CNVD: CNVD-2009-5001 // BID: 36438

CREDITS

Matthew Dempsky

Trust: 0.3

sources: BID: 36438

SOURCES

db:	CNVD	id:	CNVD-2009-5001
db:	BID	id:	36438

LAST UPDATE DATE

2022-05-17T01:51:52.041000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2009-5001	date:	2014-02-11T00:00:00
db:	BID	id:	36438	date:	2009-09-17T19:31:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2009-5001	date:	2009-09-17T00:00:00
db:	BID	id:	36438	date:	2009-09-17T00:00:00