Description

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

Remediation

References

CVE-2010-2266

Related Vulnerabilities

WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.6.3)

WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6148)

WordPress Plugin Coming Soon & Maintenance Mode Page Cross-Site Request Forgery (1.57)

WordPress Plugin Simple Ads Manager Arbitrary File Upload (2.5.94)

Severity

Medium

Classification

CVE-2010-2266 CWE-22

Tags

Missing Update Known Vulnerabilities