Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2016-4450 Nginx Vulnerabilities

by: July 13, 2016

CVE-2016-4450 Nginx Vulnerabilities

Severity

Medium

Vendor

nginx, Cloud Foundry

Versions Affected

  • nginx before 1.10.1 and 1.11.x versions before 1.11.1
  • Cloud Foundry staticfile buildpack prior to version 1.3.9
  • Cloud Foundry cf-release prior to version 238

Description

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

Mitigation

Users are strongly encouraged to follow one of the mitigations below:

  • Upgrade to Cloud Foundry version 238 or later
  • Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities
Security Advisory

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities

by Cloud Foundry Foundation Security Team January 31, 2017
USN-5051-3: OpenSSL vulnerability
Security Advisory

USN-5051-3: OpenSSL vulnerability

by Cloud Foundry Foundation Security Team October 28, 2021
USN-3755-1: GD vulnerabilities
Security Advisory

USN-3755-1: GD vulnerabilities

by Cloud Foundry Foundation Security Team September 11, 2018
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept