WEB APPLICATION VULNERABILITIES Standard & Premium

Nginx Out-of-bounds Write Vulnerability (CVE-2013-2028)

Description

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

Remediation

References

Related Vulnerabilities

WordPress Plugin Video Lessons Manager-Best Video Course LMS Cross-Site Scripting (1.7.1)

OpenSSL Double Free Vulnerability (CVE-2003-0545)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.22)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6434)

Severity

High

Classification

CVE-2013-2028 CWE-787

Tags

Missing Update Known Vulnerabilities