23 matches found
Mageia: Security Advisory (MGASA-2013-0160)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nginx 1.4.0 64-bit - Remote Exploit for Linux (Generic)
No description provided by source. nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs from ips.txt...
nginx 1.3.9-1.4.0 - DoS PoC
No description provided by source. Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Nginx 1.4.0 Generic Linux x64 - Remote Overflow nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs...
CVE-2013-2028
The ngxhttpparsechunked function in http/ngxhttpparse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service crash and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...
Immunity Canvas: NGINX_CHUNK
Name| nginxchunk ---|--- CVE| cve-2013-2028 Exploit Pack| CANVAS Description| Nginx Chunked Encoding Exploit Notes| CVE Name: cve-2013-2028 VENDOR: Nginx Repeatability: The repeatability of this exploit depends on the number of nginx worker processes configured in conf/nginx.conf; the default is ...
Design/Logic Flaw
http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...
CVE-2013-2028
The CVE-2013-2028 issue affects nginx 1.3.9–1.4.0, where the ngx_http_parse_chunked function mishandles large chunk sizes in chunked Transfer-Encoding. The root cause is an integer signedness error that leads to a stack-based buffer overflow, enabling remote denial of service and potential code e...
Stack-based buffer overflow with specially crafted request
Stack-based buffer overflow with specially crafted request Severity: major CVE-2013-2028 Not vulnerable: 1.5.0+, 1.4.1+ Vulnerable: 1.3.9-1.4.0...
Updated nginx package fixes security vulnerability
A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxypass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxi...
CVE-2013-2028
creationtimestamp| type| source ---|---|--- 2013-05-28 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25775 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nginxchunkedsize.rb 2025-02-06 03:13:41+00:00| seen|...
Fedora Update for nginx FEDORA-2013-8182
Check for the Version of nginx OpenVAS Vulnerability Test Fedora Update for nginx FEDORA-2013-8182 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngxhttpparsechunked by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read...
Nginx 1.3.9, and 1.4. 0 buffer overflow vulnerability, as well as 6 4 bits of the exploit analysis-exploit warning-the black bar safety net
Preface knowledge: CVE-2 0 1 3-2 0 2 8: nginx when processing certain malformed HTTP request length value when there is a problem, an attacker exploiting this vulnerability may cause a stack overflow and thus execute arbitrary code, The minimum can cause a denial of service attack. Affected...
nginx 'ngx_http_parse.c'栈缓冲区溢出漏洞
BUGTRAQ ID: 59699 CVECAN ID: CVE-2013-2028 nginx是HTTP及反向代理服务器,同时也用作邮件代理服务器。 nginx 1.3.9 - 1.4.0在解析HTTP块时,"ngxhttpparsechunked"函数 http/ngxhttpparse.c中存在错误,可被利用造成栈缓冲区溢出。 0 Nginx 1.3.9 - 1.4.0 临时解决方法: 建议您升级到nginx 1.4.1或者是1.5.0。但如果您不能立刻安装补丁或者升级,您可以采取以下措施以降低威胁: 在每个server块中使用如下配置 if $httptransferencodi...
Nginx 1.3.9 1.4.0 - Denial of Service (PoC)
Nginx 1.3.9 1.4.0 - Denial of Service PoC Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...
Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)
Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz Version:...
Nginx 1.3.9 / 1.4.0 Denial Of Service
Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz Version: 1.3.9-1.4.0 Tested on: Kali Linux ...
Fedora 19 : nginx-1.4.1-1.fc19 (2013-7560)
Update to upstream release 1.4.1 which fixes : - CVE-2013-2028: Stack-based buffer overflow when handling certain chunked transfer encoding requests Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...
FreeBSD : nginx -- multiple vulnerabilities (efaa4071-b700-11e2-b1b9-f0def16c5c1b)
The nginx project reports : A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...