Changes between Initial Version and Version 1 of Ticket #2404


Ignore:
Timestamp:
10/31/22 03:46:02 (2 years ago)
Author:
ossvulns@…
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2404 – Description

    initial v1  
    11I have noticed that the official Windows builds of nginx contain a vulnerability that can potentially be exploited to escalate privileges, by injecting an arbitrary OpenSSL engine library.
    22
    3 Tested versions:
     3**Tested versions:**
    44http://nginx.org/download/nginx-1.22.1.zip (Stable version; SHA1: 15f51260a00624fd83aa33e544448a52e4fe9029)
    55http://nginx.org/download/nginx-1.23.2.zip (Mainline version; SHA1: 1e00daa40d61bc22884d82c2e9b9e3477ba4528a)
    66
    7 Test environment:
     7**Test environment:**
    88Windows 10, x64, 21H2
    99
     
    1717
    1818
    19 Reproduction steps:
    20 
     19**Reproduction steps:**
    21201) As a non-administrator user, create the following folder structure:
    2221{{{