Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Remediation

References

CVE-2010-2263

Related Vulnerabilities

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6446)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Unspecified Vulnerability (3.1.6)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.25)

Oracle HTTP Server Use After Free Vulnerability (CVE-2019-0211)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)

Severity

Medium

Classification

CVE-2010-2263 CWE-200

Tags

Missing Update Known Vulnerabilities