Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Remediation

References

CVE-2010-2263

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-4313)

Apache HTTP Server Interpretation Conflict Vulnerability (CVE-2022-37436)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)

WordPress Plugin Polo Video Gallery-Best wordpress video gallery Cross-Site Scripting (1.2)

Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-34959)

Severity

Medium

Classification

CVE-2010-2263 CWE-200

Tags

Missing Update Known Vulnerabilities