| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in nginx up to 1.14.0/1.15.5. It has been classified as problematic. Affected by this issue is some unknown functionality of the component HTTP2 Handler. This manipulation causes resource consumption. This vulnerability appears as CVE-2018-16843. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability classified as problematic was found in nginx up to 1.14.0/1.15.5 (Web Server). Affected by this vulnerability is an unknown code block of the component HTTP2 Handler. The manipulation with an unknown input leads to a resource consumption vulnerability. The CWE definition for the vulnerability is CWE-400. The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. As an impact it is known to affect availability. The summary by CVE is:
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
The bug was discovered 11/06/2018. The weakness was presented 11/07/2018 as confirmed bug report (Bugzilla). It is possible to read the advisory at bugzilla.redhat.com. This vulnerability is known as CVE-2018-16843 since 09/11/2018. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.
The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 118820 (Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nginx vulnerabilities (USN-3812-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 351453 (Amazon Linux Security Advisory for nginx: ALAS-2018-1125).
Upgrading to version 1.14.1 or 1.15.6 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (118820), SecurityFocus (BID 105868†) and SecurityTracker (ID 1042038†). See VDB-126524 and VDB-126525 for similar entries. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.0VulDB Meta Temp Score: 6.0
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CNA Base Score: 5.3
CNA Vector (Red Hat, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource consumptionCWE: CWE-400 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 118820
Nessus Name: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nginx vulnerabilities (USN-3812-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: nginx 1.14.1/1.15.6
Timeline
09/11/2018 🔍11/06/2018 🔍
11/06/2018 🔍
11/07/2018 🔍
11/07/2018 🔍
11/07/2018 🔍
11/07/2018 🔍
11/08/2018 🔍
11/08/2018 🔍
06/05/2023 🔍
Sources
Advisory: USN-3812-1Status: Confirmed
Confirmation: 🔍
CVE: CVE-2018-16843 (🔍)
GCVE (CVE): GCVE-0-2018-16843
GCVE (VulDB): GCVE-100-126523
OVAL: 🔍
SecurityFocus: 105868 - nginx Multiple Denial of Service Vulnerabilities
SecurityTracker: 1042038
See also: 🔍
Entry
Created: 11/08/2018 07:50Updated: 06/05/2023 07:38
Changes: 11/08/2018 07:50 (79), 04/11/2020 16:04 (5), 06/05/2023 07:27 (4), 06/05/2023 07:33 (12), 06/05/2023 07:38 (1)
Complete: 🔍
Cache ID: 216:E5C:103
No comments yet. Languages: en.
Please log in to comment.