This host is running nginx and is prone to arbitrary code execution vulnerability.
Successful exploitation will allow remote attackers to execution arbitrary code. Impact Level: Application
Upgrade to nginx 0.7.66 or 0.7.38 or later, For updates refer to http://nginx.org
The null bytes are allowed in URIs by default (their presence is indicated via a variable named zero_in_uri defined in ngx_http_request.h). Individual modules have the ability to opt-out of handling URIs with null bytes.
nginx versions 0.5.x, 0.6.x, 0.7.x to 0.7.65 and 0.8.x to 0.8.37
Updated on 2017-03-28
- IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
- ModSecurity Multiple Remote Denial of Service Vulnerabilities
- httpdx 'USER' Command Remote Format String Vulnerability
- Monkey HTTP Daemon Invalid HTTP 'Connection' Header Denial Of Service Vulnerability