Products
NGINX Plus
NGINX OSS
Source
f5sirt@f5.com
Tags
CVE-2024-32760 details
Published : May 29, 2024, 4:15 p.m.
Last Modified : May 29, 2024, 7:50 p.m.
Last Modified : May 29, 2024, 7:50 p.m.
Description
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.5 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
Base Score
6.5
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References
URL | Source |
---|---|
https://my.f5.com/manage/s/article/K000139609 | f5sirt@f5.com |
This website uses the NVD API, but is not approved or certified by it.