Retour à la recherche

CVE-2013-4547

HIGH

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Score CVSS v2.0

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Informations

Publié: 23 nov. 2013
Mis à jour: 11 avr. 2025
Statut: Deferred
Source: secalert@redhat.com

Produits affectés

f5 nginxToutes les CVE nginx →

Versions : 1.4.4, 1.5.6

suse lifecycle management server

Versions : 1.3

suse studio onsite

Versions : 1.3

suse webyast

Versions : 1.3

opensuse opensuse

Versions : 11.4, 12.2, 12.3, 13.1

Faiblesses (CWE)

CWE-116

Références (18)

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html
Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html
Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html
Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html
Mailing ListThird Party Advisory
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html
MitigationVendor Advisory
http://secunia.com/advisories/55757
Third Party Advisory
http://secunia.com/advisories/55822
Third Party Advisory
http://secunia.com/advisories/55825
Third Party Advisory
http://www.debian.org/security/2012/dsa-2802
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html
Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html
Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html
Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html
Mailing ListThird Party Advisory
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html
MitigationVendor Advisory
http://secunia.com/advisories/55757
Third Party Advisory
+ 3 autres références sur NVD

CVEs similaires

Autres vulnérabilités de type CWE-116

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance