Description

This alert was generated using only banner information. It may be a false positive.

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

Remediation

Upgrade nginx to the latest version.

References

nginx Homepage

CVE-2009-2629

Related Vulnerabilities

WordPress Plugin Newsletters PHP Object Injection (4.6.8.5)

WordPress Plugin User Rights Access Manager Security Bypass (1.0.5)

WordPress Plugin Lightweight Accordion Cross-Site Scripting (1.5.14)

WordPress Plugin World of Warcraft-Armory Table Cross-Site Scripting (0.2.5)

WordPress 4.9.x Cross-Domain Flash Injection Vulnerability (4.9 - 4.9.1)

Severity

High

Classification

CVE-2009-2629 CWE-119 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Buffer Overflow Missing Update