Vulnerability Description
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx | 1.5.10 |
Related Weaknesses (CWE)
References
- http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.htmlPatch
- http://www.securitytracker.com/id/1030150
- http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.htmlPatch
- http://www.securitytracker.com/id/1030150
FAQ
What is CVE-2014-0088?
CVE-2014-0088 is a vulnerability with a CVSS score of 7.5 (HIGH). The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
How severe is CVE-2014-0088?
CVE-2014-0088 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0088?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx.