nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
CVSS v2.0 Score
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Information
- Published
- 15 juin 2010
- Updated
- 11 avr. 2025
- Status
- Deferred
- Source
- cve@mitre.org
Affected products
f5 nginxAll nginx CVEs →
Versions : 0.7.66, 0.8.39
Weaknesses (CWE)
CWE-200
References (8)
- http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.htmlExploitRelease NotesThird Party Advisory
- http://www.exploit-db.com/exploits/13818ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13822ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40760ExploitThird Party AdvisoryVDB Entry
- http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.htmlExploitRelease NotesThird Party Advisory
- http://www.exploit-db.com/exploits/13818ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13822ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40760ExploitThird Party AdvisoryVDB Entry
Similar CVEs
Other vulnerabilities of type CWE-200
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.