CVE-2011-4963

2022-10-0316:15:13

Debian Security Bug Tracker

security-tracker.debian.org

security bypass

nginx

windows

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain “$index_allocation” sequences in a request.

OSVersionArchitecturePackageVersionFilename
Debian12allnginx< 1.22.1-9nginx_1.22.1-9_all.deb
Debian11allnginx< 1.18.0-6.1+deb11u3nginx_1.18.0-6.1+deb11u3_all.deb
Debian10allnginx< 1.14.2-2+deb10u4nginx_1.14.2-2+deb10u4_all.deb
Debian999allnginx< 1.26.0-1nginx_1.26.0-1_all.deb
Debian13allnginx< 1.26.0-1nginx_1.26.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	nginx	< 1.22.1-9	nginx_1.22.1-9_all.deb
Debian	11	all	nginx	< 1.18.0-6.1+deb11u3	nginx_1.18.0-6.1+deb11u3_all.deb
Debian	10	all	nginx	< 1.14.2-2+deb10u4	nginx_1.14.2-2+deb10u4_all.deb
Debian	999	all	nginx	< 1.26.0-1	nginx_1.26.0-1_all.deb
Debian	13	all	nginx	< 1.26.0-1	nginx_1.26.0-1_all.deb