nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
CVSS v2.0 Score
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Information
- Published
- 15 juin 2010
- Updated
- 11 avr. 2025
- Status
- Deferred
- Source
- cve@mitre.org
Affected products
f5 nginxAll nginx CVEs →
Versions : 0.7.67, 0.8.40
Weaknesses (CWE)
CWE-22
References (2)
- http://www.exploit-db.com/exploits/13818/ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13818/ExploitThird Party AdvisoryVDB Entry
Similar CVEs
Other vulnerabilities of type CWE-22
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.