ID
VAR-202208-2387
TITLE
Nginx LDAP auth authentication module sample program remote code execution vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2022-54473
DESCRIPTION
Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server from F5. A remote code execution vulnerability exists in the information system that deploys Nginx and references the Nginx LDAP auth authentication module sample code (https://github.com/nginxinc/nginx-ldap-auth), and attackers exploit this vulnerability by sending maliciously constructed HTTP requests headers to the target system, resulting in arbitrary code execution.
Trust: 0.6
sources:
CNVD: CNVD-2022-54473
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-54473
AFFECTED PRODUCTS
| vendor: | open | model: | source community nginx ldap auth authentication module | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-54473
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2022-54473
PATCH
| title: | Patch for Nginx LDAP auth authentication module sample program remote code execution vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/342296 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-54473
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2022-54473 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-54473
REFERENCES
| url: | https://mp.weixin.qq.com/s/z-qngmhlezkqnzbv-6xxiq | Trust: 0.6 |
| url: | https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/ | Trust: 0.6 |
sources:
CNVD: CNVD-2022-54473
SOURCES
| db: | CNVD | id: | CNVD-2022-54473 |
LAST UPDATE DATE
2023-09-28T23:04:24.671000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-54473 | date: | 2022-08-02T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-54473 | date: | 2022-08-01T00:00:00 |