CVE-2013-4547

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4547 at MITRE

Description

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

SUSE information

SUSE Bugzilla entry: 851295

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
1.3
  • nginx-1.0 >= 1.0.15-0.8.1
Patchnames:
sleslms13-nginx-1.0
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • nginx-1.0 >= 1.0.15-0.8.1
Builds
SAT Patch Nr: 8600
openSUSE 12.3
  • nginx >= 1.2.9-3.8.1
  • nginx-debuginfo >= 1.2.9-3.8.1
  • nginx-debugsource >= 1.2.9-3.8.1
Patchnames:
openSUSE-2013-882
openSUSE 13.1
  • nginx >= 1.4.4-3.5.1
  • nginx-debuginfo >= 1.4.4-3.5.1
  • nginx-debugsource >= 1.4.4-3.5.1
Patchnames:
openSUSE-2013-882
openSUSE Evergreen 11.4
  • nginx-0.8 >= 0.8.53-4.17.2
  • nginx-0.8-debuginfo >= 0.8.53-4.17.2
  • nginx-0.8-debugsource >= 0.8.53-4.17.2
Patchnames:
2013-167

List of products where fixes are in QA

SUSE Studio Onsite 1.2 [Appliance - Studio]
SUSE Studio Standard Edition 1.2
WebYaST 1.2