Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NGINX ngx_mail_smtp_module vulnerability
Vulnerability Description
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
跨界内存读
Vulnerability Title
F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞
Vulnerability Description
F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。 F5 NGINX Plus和F5 NGINX Open Source存在缓冲区错误漏洞,该漏洞源于ngx_mail_smtp_module在特定配置下可能泄露认证过程中的内存数据。
CVSS Information
N/A
Vulnerability Type
N/A