Action not permitted
Modal body text goes here.
cve-2019-20372
Vulnerability from cvelistv5
Published
2020-01-09 20:05
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://nginx.org/en/CHANGES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/4859"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
},
{
"name": "USN-4235-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4235-1/"
},
{
"name": "USN-4235-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4235-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0003/"
},
{
"name": "openSUSE-SU-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T23:06:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://nginx.org/en/CHANGES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/4859"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
},
{
"name": "USN-4235-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4235-1/"
},
{
"name": "USN-4235-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4235-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0003/"
},
{
"name": "openSUSE-SU-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf",
"refsource": "MISC",
"url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf"
},
{
"name": "http://nginx.org/en/CHANGES",
"refsource": "MISC",
"url": "http://nginx.org/en/CHANGES"
},
{
"name": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020",
"refsource": "MISC",
"url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/pull/4859",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/pull/4859"
},
{
"name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e",
"refsource": "CONFIRM",
"url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
},
{
"name": "USN-4235-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4235-1/"
},
{
"name": "USN-4235-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4235-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200127-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200127-0003/"
},
{
"name": "openSUSE-SU-2020:0204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20372",
"datePublished": "2020-01-09T20:05:38",
"dateReserved": "2020-01-09T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-20372\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-01-09T21:15:12.027\",\"lastModified\":\"2022-04-06T16:10:54.287\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.\"},{\"lang\":\"es\",\"value\":\"NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer p\u00e1ginas web no autorizadas en entornos donde NGINX est\u00e1 al frente de un equilibrador de carga.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.7\",\"matchCriteriaId\":\"4B1CA2FC-6A59-4EC9-8F86-BFA903DE28AE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0\",\"matchCriteriaId\":\"BB279F6B-EE4C-4885-9CD4-657F6BD2548F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://nginx.org/en/CHANGES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/36\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://duo.com/docs/dng-notes#version-1.5.4-january-2020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/ingress-nginx/pull/4859\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200127-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212818\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4235-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4235-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rhsa-2021_0779
Vulnerability from csaf_redhat
Published
2021-03-09 15:50
Modified
2024-11-15 04:24
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update
Notes
Topic
Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
* Upgraded to a more recent version of autobahn to address CVE-2020-35678.
* Upgraded to a more recent version of nginx to address CVE-2019-20372.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
* Improved analytics collection to collect the playbook status for all hosts in a playbook run
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678.\n* Upgraded to a more recent version of nginx to address CVE-2019-20372.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.\n* Improved analytics collection to collect the playbook status for all hosts in a playbook run",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0779",
"url": "https://access.redhat.com/errata/RHSA-2021:0779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "external",
"summary": "1911314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911314"
},
{
"category": "external",
"summary": "1928847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0779.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T04:24:22+00:00",
"generator": {
"date": "2024-11-15T04:24:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0779",
"initial_release_date": "2021-03-09T15:50:15+00:00",
"revision_history": [
{
"date": "2021-03-09T15:50:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-03-09T15:50:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:24:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.7 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.7 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64",
"product": {
"name": "ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64",
"product_id": "ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-37/ansible-tower-rhel7\u0026tag=3.7.5-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64 as a component of Red Hat Ansible Tower 3.7 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
},
"product_reference": "ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20372",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1790277"
}
],
"notes": [
{
"category": "description",
"text": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Tower 3.5 and 3.6 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, Ansible Tower 3.5 and 3.6 are distributing nginx 1.14 and 1.16 vulnerable versions as a dependency and configuration could be modified making it vulnerable.\n\nRed Hat CloudForms Management Engine 5.9 and 5.10 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, both mentioned builds ships vulnerable nginx versions 1.10 and 1.14 respectively. CloudForms 5.11 does not use nginx directly hence it is not vulnerable.\n\nRed Hat Quay\u0027s configuration of nginx means it\u0027s not affected by this issue. It doesn\u0027t use error_page to do a 302 redirect. It\u0027s only use of error_page uses a named location ie:\nerror_page 404 /404.html;\n location = /40x.html {\n }\nerror_page 500 502 503 504 /50x.html;\n location = /50x.html {\n}",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20372"
},
{
"category": "external",
"summary": "RHBZ#1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
}
],
"release_date": "2020-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:15+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0779"
},
{
"category": "workaround",
"details": "To mitigate this issue, use a named location instead of having the error_page handler do the redirect, this configuration is not vulnerable to request smuggling on all versions of NGINX we tested.\nserver {\n listen 80;\n server_name localhost;\n error_page 401 @401;\n location / {\n return 401;\n }\n location @401 {\n return 302 http://example.org;\n }\n}",
"product_ids": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page"
},
{
"cve": "CVE-2020-35678",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1911314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-autobahn, where it allows redirect header injection. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-autobahn: allows redirect header injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-autobahn package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-35678"
},
{
"category": "external",
"summary": "RHBZ#1911314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-35678",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35678"
}
],
"release_date": "2020-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:15+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0779"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-autobahn: allows redirect header injection"
},
{
"acknowledgments": [
{
"names": [
"Matei Mal Badanoiu"
],
"organization": "Deloitte Romania"
}
],
"cve": "CVE-2021-20253",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible-tower: Privilege escalation via job isolation escape",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20253"
},
{
"category": "external",
"summary": "RHBZ#1928847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20253",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20253"
}
],
"release_date": "2021-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:15+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0779"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.7:ansible-tower-37/ansible-tower-rhel7@sha256:728bcbeb14e0ea15a78fc5620075357758c79072e0378ec7d249d01aa966ed24_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ansible-tower: Privilege escalation via job isolation escape"
}
]
}
rhsa-2020_5495
Vulnerability from csaf_redhat
Published
2020-12-15 17:12
Modified
2024-11-15 04:23
Summary
Red Hat Security Advisory: nginx:1.16 security update
Notes
Topic
An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: HTTP request smuggling in configurations with URL redirect used as error_page (CVE-2019-20372)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: HTTP request smuggling in configurations with URL redirect used as error_page (CVE-2019-20372)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5495",
"url": "https://access.redhat.com/errata/RHSA-2020:5495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5495.json"
}
],
"title": "Red Hat Security Advisory: nginx:1.16 security update",
"tracking": {
"current_release_date": "2024-11-15T04:23:48+00:00",
"generator": {
"date": "2024-11-15T04:23:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5495",
"initial_release_date": "2020-12-15T17:12:43+00:00",
"revision_history": [
{
"date": "2020-12-15T17:12:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-12-15T17:12:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:23:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx:1.16:8030020201124104955:229f0a1c",
"product": {
"name": "nginx:1.16:8030020201124104955:229f0a1c",
"product_id": "nginx:1.16:8030020201124104955:229f0a1c",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nginx@1.16:8030020201124104955:229f0a1c"
}
}
},
{
"category": "product_version",
"name": "nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"product": {
"name": "nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"product_id": "nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-all-modules@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"product": {
"name": "nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"product_id": "nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-filesystem@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"product": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"product_id": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debugsource@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_id": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debugsource@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_id": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debugsource@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_id": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-debugsource@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-image-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-perl-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-http-xslt-filter-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-mail-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_id": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-mod-stream-debuginfo@1.16.1-1.module%2Bel8.3.0%2B8844%2Be5e7039f.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
"product_reference": "nginx:1.16:8030020201124104955:229f0a1c",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src"
},
"product_reference": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch"
},
"product_reference": "nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch"
},
"product_reference": "nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64"
},
"product_reference": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le"
},
"product_reference": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x"
},
"product_reference": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64 as a component of nginx:1.16:8030020201124104955:229f0a1c as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
},
"product_reference": "nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20372",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1790277"
}
],
"notes": [
{
"category": "description",
"text": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Tower 3.5 and 3.6 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, Ansible Tower 3.5 and 3.6 are distributing nginx 1.14 and 1.16 vulnerable versions as a dependency and configuration could be modified making it vulnerable.\n\nRed Hat CloudForms Management Engine 5.9 and 5.10 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, both mentioned builds ships vulnerable nginx versions 1.10 and 1.14 respectively. CloudForms 5.11 does not use nginx directly hence it is not vulnerable.\n\nRed Hat Quay\u0027s configuration of nginx means it\u0027s not affected by this issue. It doesn\u0027t use error_page to do a 302 redirect. It\u0027s only use of error_page uses a named location ie:\nerror_page 404 /404.html;\n location = /40x.html {\n }\nerror_page 500 502 503 504 /50x.html;\n location = /50x.html {\n}",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20372"
},
{
"category": "external",
"summary": "RHBZ#1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
}
],
"release_date": "2020-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T17:12:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5495"
},
{
"category": "workaround",
"details": "To mitigate this issue, use a named location instead of having the error_page handler do the redirect, this configuration is not vulnerable to request smuggling on all versions of NGINX we tested.\nserver {\n listen 80;\n server_name localhost;\n error_page 401 @401;\n location / {\n return 401;\n }\n location @401 {\n return 302 http://example.org;\n }\n}",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.src",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-all-modules-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-debugsource-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-filesystem-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-image-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-perl-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-http-xslt-filter-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-mail-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.aarch64",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.ppc64le",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.s390x",
"AppStream-8.3.0.Z.MAIN:nginx:1.16:8030020201124104955:229f0a1c:nginx-mod-stream-debuginfo-1:1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page"
}
]
}
rhsa-2020_2817
Vulnerability from csaf_redhat
Published
2020-07-02 16:19
Modified
2024-11-15 04:21
Summary
Red Hat Security Advisory: rh-nginx116-nginx security update
Notes
Topic
An update for rh-nginx116-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c (CVE-2019-20372)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-nginx116-nginx is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nSecurity Fix(es):\n\n* nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c (CVE-2019-20372)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2817",
"url": "https://access.redhat.com/errata/RHSA-2020:2817"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2817.json"
}
],
"title": "Red Hat Security Advisory: rh-nginx116-nginx security update",
"tracking": {
"current_release_date": "2024-11-15T04:21:37+00:00",
"generator": {
"date": "2024-11-15T04:21:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:2817",
"initial_release_date": "2020-07-02T16:19:24+00:00",
"revision_history": [
{
"date": "2020-07-02T16:19:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-02T16:19:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:21:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-image-filter@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-perl@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-xslt-filter@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-mail@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-stream@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"product": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"product_id": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-debuginfo@1.16.1-4.el7.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-image-filter@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-perl@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-xslt-filter@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-mail@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-stream@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"product": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"product_id": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-debuginfo@1.16.1-4.el7.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-image-filter@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-perl@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-xslt-filter@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-mail@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-stream@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"product": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"product_id": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-debuginfo@1.16.1-4.el7.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"product": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"product_id": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx@1.16.1-4.el7.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-image-filter@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-perl@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-http-xslt-filter@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-mail@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-mod-stream@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"product": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"product_id": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-nginx116-nginx-debuginfo@1.16.1-4.el7.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
},
"product_reference": "rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20372",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1790277"
}
],
"notes": [
{
"category": "description",
"text": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Tower 3.5 and 3.6 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, Ansible Tower 3.5 and 3.6 are distributing nginx 1.14 and 1.16 vulnerable versions as a dependency and configuration could be modified making it vulnerable.\n\nRed Hat CloudForms Management Engine 5.9 and 5.10 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, both mentioned builds ships vulnerable nginx versions 1.10 and 1.14 respectively. CloudForms 5.11 does not use nginx directly hence it is not vulnerable.\n\nRed Hat Quay\u0027s configuration of nginx means it\u0027s not affected by this issue. It doesn\u0027t use error_page to do a 302 redirect. It\u0027s only use of error_page uses a named location ie:\nerror_page 404 /404.html;\n location = /40x.html {\n }\nerror_page 500 502 503 504 /50x.html;\n location = /50x.html {\n}",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20372"
},
{
"category": "external",
"summary": "RHBZ#1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
}
],
"release_date": "2020-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T16:19:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx116-nginx service must be restarted for this update to take effect.",
"product_ids": [
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2817"
},
{
"category": "workaround",
"details": "To mitigate this issue, use a named location instead of having the error_page handler do the redirect, this configuration is not vulnerable to request smuggling on all versions of NGINX we tested.\nserver {\n listen 80;\n server_name localhost;\n error_page 401 @401;\n location / {\n return 401;\n }\n location @401 {\n return 302 http://example.org;\n }\n}",
"product_ids": [
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-Alt-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.6.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5-7.7.Z:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Server-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Server-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.src",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-debuginfo-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-image-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-perl-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-http-xslt-filter-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-mail-1:1.16.1-4.el7.1.x86_64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.aarch64",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.ppc64le",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.s390x",
"7Workstation-RHSCL-3.5:rh-nginx116-nginx-mod-stream-1:1.16.1-4.el7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page"
}
]
}
rhsa-2021_0778
Vulnerability from csaf_redhat
Published
2021-03-09 15:50
Modified
2025-03-25 16:58
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update
Notes
Topic
Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
* Upgraded to a more recent version of nginx to address CVE-2019-20372
* Upgraded to a more recent version of autobahn to address CVE-2020-35678
* Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253\n* Upgraded to a more recent version of nginx to address CVE-2019-20372\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678\n* Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0778",
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1911314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911314"
},
{
"category": "external",
"summary": "1928847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928847"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0778.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update",
"tracking": {
"current_release_date": "2025-03-25T16:58:09+00:00",
"generator": {
"date": "2025-03-25T16:58:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.4.1"
}
},
"id": "RHSA-2021:0778",
"initial_release_date": "2021-03-09T15:50:37+00:00",
"revision_history": [
{
"date": "2021-03-09T15:50:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-03-09T15:50:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-03-25T16:58:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64",
"product": {
"name": "ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64",
"product_id": "ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-36/ansible-tower\u0026tag=3.6.7-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
},
"product_reference": "ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20372",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1790277"
}
],
"notes": [
{
"category": "description",
"text": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Tower 3.5 and 3.6 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, Ansible Tower 3.5 and 3.6 are distributing nginx 1.14 and 1.16 vulnerable versions as a dependency and configuration could be modified making it vulnerable.\n\nRed Hat CloudForms Management Engine 5.9 and 5.10 are not vulnerable by default as are not using error_page variable in the nginx configuration. However, both mentioned builds ships vulnerable nginx versions 1.10 and 1.14 respectively. CloudForms 5.11 does not use nginx directly hence it is not vulnerable.\n\nRed Hat Quay\u0027s configuration of nginx means it\u0027s not affected by this issue. It doesn\u0027t use error_page to do a 302 redirect. It\u0027s only use of error_page uses a named location ie:\nerror_page 404 /404.html;\n location = /40x.html {\n }\nerror_page 500 502 503 504 /50x.html;\n location = /50x.html {\n}",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20372"
},
{
"category": "external",
"summary": "RHBZ#1790277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
}
],
"release_date": "2020-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:37+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "workaround",
"details": "To mitigate this issue, use a named location instead of having the error_page handler do the redirect, this configuration is not vulnerable to request smuggling on all versions of NGINX we tested.\nserver {\n listen 80;\n server_name localhost;\n error_page 401 @401;\n location / {\n return 401;\n }\n location @401 {\n return 302 http://example.org;\n }\n}",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:37+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:37+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2020-35678",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1911314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-autobahn, where it allows redirect header injection. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-autobahn: allows redirect header injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-autobahn package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-35678"
},
{
"category": "external",
"summary": "RHBZ#1911314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-35678",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35678"
}
],
"release_date": "2020-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:37+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-autobahn: allows redirect header injection"
},
{
"acknowledgments": [
{
"names": [
"Matei Mal Badanoiu"
],
"organization": "Deloitte Romania"
}
],
"cve": "CVE-2021-20253",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible-tower: Privilege escalation via job isolation escape",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20253"
},
{
"category": "external",
"summary": "RHBZ#1928847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20253",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20253"
}
],
"release_date": "2021-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-09T15:50:37+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:b693ff9d898bc14a776b881bc8c868a7c3472456d6f009bb81d4dd5f85835e28_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ansible-tower: Privilege escalation via job isolation escape"
}
]
}
wid-sec-w-2023-2481
Vulnerability from csaf_certbund
Published
2020-01-09 23:00
Modified
2024-07-30 22:00
Summary
NGINX: Schwachstelle ermöglicht Manipulation von Daten
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
nginx ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy - Software
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NGINX ausnutzen, um Daten zu manipulieren.
Betroffene Betriebssysteme
- Juniper Appliance
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "nginx ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy - Software",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NGINX ausnutzen, um Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Juniper Appliance\n- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2481 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2481.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2481 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2481"
},
{
"category": "external",
"summary": "NATIONAL VULNERABILITY DATABASE vom 2020-01-09",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4235-2 vom 2020-01-15",
"url": "https://usn.ubuntu.com/4235-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0348-1 vom 2020-02-06",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200348-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4235-1 vom 2020-01-13",
"url": "https://usn.ubuntu.com/4235-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1171-1 vom 2020-05-05",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201171-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:5495 vom 2020-12-15",
"url": "https://access.redhat.com/errata/RHSA-2020:5495"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-5495 vom 2020-12-18",
"url": "https://linux.oracle.com/errata/ELSA-2020-5495.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0779 vom 2021-03-09",
"url": "https://access.redhat.com/errata/RHSA-2021:0779"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0778 vom 2021-03-09",
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "external",
"summary": "Juniper Security Bulletin JSA11292 vom 2022-01-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11292\u0026cat=SIRT_1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNGINX1-2023-004 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASNGINX1-2023-004.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161954 vom 2024-07-30",
"url": "https://www.ibm.com/support/pages/node/7161954"
}
],
"source_lang": "en-US",
"title": "NGINX: Schwachstelle erm\u00f6glicht Manipulation von Daten",
"tracking": {
"current_release_date": "2024-07-30T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:59:03.856+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2481",
"initial_release_date": "2020-01-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-01-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-01-13T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-01-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-02-06T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-05-04T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-12-15T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-12-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-03-09T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-12T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.2",
"product_id": "T036379"
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Security Director Insights",
"product": {
"name": "Juniper Junos Space Security Director Insights",
"product_id": "T021583",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:::security_director_insights"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.17.7",
"product": {
"name": "NGINX NGINX \u003c1.17.7",
"product_id": "T015657"
}
}
],
"category": "product_name",
"name": "NGINX"
}
],
"category": "vendor",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20372",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in NGINX, welche in verschiedenen Konfigurationen der \"Error_page\" auftritt. Ein entfernter, anonymer Angreifer kann die Schwachstelle ausnutzen, um Daten zu manipulieren"
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"T000126",
"398363",
"T036379",
"T004914",
"T021583"
]
},
"release_date": "2020-01-09T23:00:00.000+00:00",
"title": "CVE-2019-20372"
}
]
}
sca-2025-0009
Vulnerability from csaf_sick
Published
2025-08-01 13:00
Modified
2025-08-01 13:00
Summary
Vulnerabilities affecting SICK TDC-E210GC
Notes
summary
SICK has identified multiple vulnerabilities in the SICK TDC-E210GC product. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected. At this time, SICK is not aware of any public exploits specifically targeting these vulnerabilities. Customers are strongly advised to apply the recommended workaround for the affected vulnerabilities to reduce potential risk.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has identified multiple vulnerabilities in the SICK TDC-E210GC product. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected. At this time, SICK is not aware of any public exploits specifically targeting these vulnerabilities. Customers are strongly advised to apply the recommended workaround for the affected vulnerabilities to reduce potential risk.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0009.json"
}
],
"title": "Vulnerabilities affecting SICK TDC-E210GC",
"tracking": {
"current_release_date": "2025-08-01T13:00:00.000Z",
"generator": {
"date": "2025-08-01T08:14:37.621Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.32"
}
},
"id": "SCA-2025-0009",
"initial_release_date": "2025-08-01T13:00:00.000Z",
"revision_history": [
{
"date": "2025-08-01T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK TDC-E210GC all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"6070344"
]
}
}
}
],
"category": "product_name",
"name": "TDC-E210GC"
}
],
"category": "product_family",
"name": "Telematic Data Collector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK TDC-E210GC Firmware all versions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "TDC-E210GC Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK TDC-E210GC all Firmware versions",
"product_id": "CSAFPID-0003"
},
"product_reference": "CSAFPID-0002",
"relates_to_product_reference": "CSAFPID-0001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38408",
"cwe": {
"id": "CWE-428",
"name": "Unquoted Search Path or Element"
},
"notes": [
{
"category": "summary",
"text": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH Remote Code Execution Due to an Inssufficiently Trustworthy Search Path"
},
{
"cve": "CVE-2021-23017",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "summary",
"text": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "NGINX Off-by-One Error"
},
{
"cve": "CVE-2020-12062",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client\u0027s download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Inproper Input Validation in OpenSSH 8.2"
},
{
"cve": "CVE-2021-41874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Unauthorized Access Vulnerabiitly in All Versions of Portainer"
},
{
"cve": "CVE-2021-25217",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "A Buffer Overrun in Lease File Parsing Code Can Be Used to Exploit a Common Vulnerability Shared by DHCPD and Dhclient"
},
{
"cve": "CVE-2021-3618",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomainto another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Broken Authentication of TLS"
},
{
"cve": "CVE-2021-28041",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "SSH-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Double Free in OpenSSH"
},
{
"cve": "CVE-2020-15778",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Command Injection in the OpenSSH scp.c to Remote Function"
},
{
"cve": "CVE-2021-42650",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Portainer XSS Vulnerability"
},
{
"cve": "CVE-2016-20012",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH User Enumeration"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH VerifyHostKeyDNS Vulnerable to Mashine-in-the-Middle"
},
{
"cve": "CVE-2019-20372",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "NGINX Allows HTTP Request Smuggling"
},
{
"cve": "CVE-2020-14145",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk.\nThe collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH Information Leak in the Algorithm Negotiation"
},
{
"cve": "CVE-2021-36368",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user\u0027s behalf. NOTE: the vendor\u0027s position is \"this is not an authentication bypass, since nothing is being bypassed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH Vulnerable to Authentication Bypass"
},
{
"cve": "CVE-2022-24961",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. The vulnerability allows the API server to run even when not linked to a Portainer instance recently, posing a security risk.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Portainer Agent API Server Vulnerability"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Denial of Service in HTTP/2 Protocol"
},
{
"cve": "CVE-2021-41617",
"cwe": {
"id": "CWE-273",
"name": "Improper Check for Dropped Privileges"
},
"notes": [
{
"category": "summary",
"text": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH Privilege Escalation"
},
{
"cve": "CVE-2023-51767",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH Authentication Bypass Vulnerability"
},
{
"cve": "CVE-2008-3844",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Trojan Horse at RHEL4 for OpenSSH"
},
{
"cve": "CVE-2022-2929",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "DHCP Memory Leak"
},
{
"cve": "CVE-2022-2928",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "An Option Refcount Overflow Exists in DHCPD"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH Vulnerable for Bypassing Integrity Checks"
},
{
"cve": "CVE-2007-2768",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0003"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "OpenSSH User Enumeration Using OPIE"
}
]
}
ghsa-c9vh-3f9g-f2xf
Vulnerability from github
Published
2022-05-24 17:05
Modified
2022-05-24 17:05
Severity ?
Details
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
{
"affected": [],
"aliases": [
"CVE-2019-20372"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"id": "GHSA-c9vh-3f9g-f2xf",
"modified": "2022-05-24T17:05:58Z",
"published": "2022-05-24T17:05:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/ingress-nginx/pull/4859"
},
{
"type": "WEB",
"url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
},
{
"type": "WEB",
"url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf"
},
{
"type": "WEB",
"url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200127-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212818"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4235-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4235-2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
},
{
"type": "WEB",
"url": "http://nginx.org/en/CHANGES"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
gsd-2019-20372
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-20372",
"description": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"id": "GSD-2019-20372",
"references": [
"https://www.suse.com/security/cve/CVE-2019-20372.html",
"https://access.redhat.com/errata/RHSA-2021:0779",
"https://access.redhat.com/errata/RHSA-2021:0778",
"https://access.redhat.com/errata/RHSA-2020:5495",
"https://access.redhat.com/errata/RHSA-2020:2817",
"https://ubuntu.com/security/CVE-2019-20372",
"https://advisories.mageia.org/CVE-2019-20372.html",
"https://linux.oracle.com/cve/CVE-2019-20372.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-20372"
],
"details": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",
"id": "GSD-2019-20372",
"modified": "2023-12-13T01:23:42.903823Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf",
"refsource": "MISC",
"url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf"
},
{
"name": "http://nginx.org/en/CHANGES",
"refsource": "MISC",
"url": "http://nginx.org/en/CHANGES"
},
{
"name": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020",
"refsource": "MISC",
"url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/pull/4859",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/pull/4859"
},
{
"name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e",
"refsource": "CONFIRM",
"url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
},
{
"name": "USN-4235-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4235-1/"
},
{
"name": "USN-4235-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4235-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200127-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200127-0003/"
},
{
"name": "openSUSE-SU-2020:0204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20372"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/ingress-nginx/pull/4859",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/4859"
},
{
"name": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf"
},
{
"name": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020"
},
{
"name": "http://nginx.org/en/CHANGES",
"refsource": "MISC",
"tags": [
"Mitigation",
"Release Notes",
"Vendor Advisory"
],
"url": "http://nginx.org/en/CHANGES"
},
{
"name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e"
},
{
"name": "USN-4235-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4235-1/"
},
{
"name": "USN-4235-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4235-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200127-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0003/"
},
{
"name": "openSUSE-SU-2020:0204",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-04-06T16:10Z",
"publishedDate": "2020-01-09T21:15Z"
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.