Nginx Security Bypass Vulnerability (Windows) Network Vulnerability

Summary

This host is running nginx and is prone to security bypass vulnerability.

Impact

Successful exploitation will let attackers to gain unauthorized access to restricted resources via specially crafted HTTP requests containing NTFS extended attributes. Impact Level: Application

Solution

Upgrade to nginx version 1.3.1 or 1.2.1 or later, For updates refer to http://nginx.org

Insight

The flaw is due to an error when processing HTTP requests for resources defined via the 'location' directive.

Affected

nginx versions 0.7.52 through 1.2.0 and 1.3.0 on Windows

References

http://blog.ptsecurity.com/2012/06/vulnerability-in-nginx-eliminated.html
http://english.securitylab.ru/lab/PT-2012-06
http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html
http://nginx.org/en/security_advisories.html
http://secunia.com/advisories/50912
http://www.osvdb.org/84339
http://xforce.iss.net/xforce/xfdb/77244

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4963
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Denial Of Service Vulnerability (Windows)
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
Lighttpd Trailing Slash Information Disclosure Vulnerability
IMail account hijack
Aspen Sever Directory Traversal Vulnerability

nginx Security Bypass Vulnerability (Windows)

Take action and discover your vulnerabilities