help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running

Disclosed: 2016-07-27 20:51:19 By shoveller To nextcloud

Unknown

Vulnerability Details

The https://help.nextcloud.com sub-site is running Nginx/1.10.0 which is vuln to a known issue (CVE-2016-4450) which allows a remote malformed HTTP request to cause the Nginx process to crash. DoS testing is mentioned as not requested, but if you know of an issue give it a go .. You can determine the version running by requesting the IP of the site and getting the HTTP 301, eg: https://88.198.160.135 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450

Actions

View on HackerOne

Report Stats

Report ID: 145409
State: Closed
Substate: resolved
Upvotes: 4

help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running

Vulnerability Details

Actions

Report Stats

Share this report