Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Remediation

References

CVE-2010-2263

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43703)

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2289)

SharePoint CVE-2019-1201 Vulnerability (CVE-2019-1201)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.23)

Severity

Medium

Classification

CVE-2010-2263 CWE-200

Tags

Missing Update Known Vulnerabilities