When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"unresolved_ranges": [
{
"vendor_product": "f5:nginx_plus",
"cpes": [
"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "r33"
},
{
"fixed": "r35"
}
],
"source": "CPE_RANGE"
},
{
"vendor_product": "f5:nginx_plus",
"cpes": [
"cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r35:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p2:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "r32-NA"
},
{
"last_affected": "r32-NA"
},
{
"introduced": "r32-p1"
},
{
"last_affected": "r32-p1"
},
{
"introduced": "r32-p2"
},
{
"last_affected": "r32-p2"
},
{
"introduced": "r32-p3"
},
{
"last_affected": "r32-p3"
},
{
"introduced": "r32-p4"
},
{
"last_affected": "r32-p4"
},
{
"introduced": "r35-NA"
},
{
"last_affected": "r35-NA"
},
{
"introduced": "r35-p1"
},
{
"last_affected": "r35-p1"
},
{
"introduced": "r36-NA"
},
{
"last_affected": "r36-NA"
},
{
"introduced": "r36-p1"
},
{
"last_affected": "r36-p1"
},
{
"introduced": "r36-p2"
},
{
"last_affected": "r36-p2"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0.5.15"
},
{
"last_affected": "0.9.7"
},
{
"introduced": "1.0.0"
},
{
"fixed": "1.28.3"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.7"
}
]
}