National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2016-1247

Change History

Initial Analysis - 11/29/2016 2:17:17 PM

Action Type Old Value New Value
Changed Reference Type
http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html No Types Assigned
http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html Third Party Advisory, VDB Entry, Exploit
Changed Reference Type
http://seclists.org/fulldisclosure/2016/Nov/78 No Types Assigned
http://seclists.org/fulldisclosure/2016/Nov/78 Third Party Advisory, Mailing List
Changed Reference Type
http://www.debian.org/security/2016/dsa-3701 No Types Assigned
http://www.debian.org/security/2016/dsa-3701 Vendor Advisory
Changed Reference Type
http://www.securityfocus.com/archive/1/archive/1/539796/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/archive/1/539796/100/0/threaded Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securityfocus.com/bid/93903 No Types Assigned
http://www.securityfocus.com/bid/93903 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1037104 No Types Assigned
http://www.securitytracker.com/id/1037104 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.ubuntu.com/usn/USN-3114-1 No Types Assigned
http://www.ubuntu.com/usn/USN-3114-1 Vendor Advisory
Changed Reference Type
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html No Types Assigned
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html Third Party Advisory, Exploit
Changed Reference Type
https://www.exploit-db.com/exploits/40768/ No Types Assigned
https://www.exploit-db.com/exploits/40768/ VDB Entry, Exploit
Added CWE
CWE-59
Added CVSS V2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Added CVSS V3
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CPE Configuration
Configuration 1
     AND
          OR
               *cpe:2.3:a:nginx:nginx:1.10.1:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:nginx:nginx:1.10.0:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Configuration 3
     AND
          OR
               *cpe:2.3:a:nginx:nginx:1.6.2:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 4
     AND
          OR
               *cpe:2.3:a:nginx:nginx:1.4.3:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*