Summary
This host is running nginx and is prone to a buffer-overflow vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Impact Level: Application
Solution
Upgrade to nginx versions 0.5.38, 0.6.39, 0.7.62 or 0.8.15. For updates, refer to http://nginx.org/en/download.html
Insight
The flaw is due to an error in 'src/http/ngx_http_parse.c' which allows remote attackers to execute arbitrary code via crafted HTTP requests.
Affected
nginx versions 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-2629
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P