nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
Score CVSS v2.0
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Informations
- Publié
- 15 juin 2010
- Mis à jour
- 11 avr. 2025
- Statut
- Deferred
- Source
- cve@mitre.org
Produits affectés
f5 nginxToutes les CVE nginx →
Versions : 0.7.66, 0.8.39
Faiblesses (CWE)
CWE-200
Références (8)
- http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.htmlExploitRelease NotesThird Party Advisory
- http://www.exploit-db.com/exploits/13818ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13822ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40760ExploitThird Party AdvisoryVDB Entry
- http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.htmlExploitRelease NotesThird Party Advisory
- http://www.exploit-db.com/exploits/13818ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13822ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40760ExploitThird Party AdvisoryVDB Entry
CVEs similaires
Autres vulnérabilités de type CWE-200
Loading…
Surveillez vos produits
Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.