CVE-2009-2629

2009-09-1522:30:00

CWE-787

[email protected]

web.nvd.nist.gov

194

cve-2009-2629

buffer underflow

nvd

security

vulnerability

remote code execution

http requests

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.938 High

EPSS

Percentile

99.1%

JSON

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

CPENameOperatorVersion
f5:nginxf5 nginxlt0.5.38
f5:nginxf5 nginxlt0.6.39
f5:nginxf5 nginxlt0.7.62
f5:nginxf5 nginxlt0.8.15
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
debian:debian_linuxdebian debian linuxeq6.0
fedoraproject:fedorafedoraproject fedoraeq11
fedoraproject:fedorafedoraproject fedoraeq10
fedoraproject:fedorafedoraproject fedoraeq12

CPE	Name	Operator	Version
f5:nginx	f5 nginx	lt	0.5.38
f5:nginx	f5 nginx	lt	0.6.39
f5:nginx	f5 nginx	lt	0.7.62
f5:nginx	f5 nginx	lt	0.8.15
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	4.0
debian:debian_linux	debian debian linux	eq	6.0
fedoraproject:fedora	fedoraproject fedora	eq	11
fedoraproject:fedora	fedoraproject fedora	eq	10
fedoraproject:fedora	fedoraproject fedora	eq	12