Summary
This host is running nginx and is prone to an arbitrary code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to nginx 0.7.66 or 0.7.38 or later.
For updates, refer to http://nginx.org
Insight
Null bytes are allowed in URIs by default (their presence is indicated via a variable named zero_in_uri defined in ngx_http_request.h). Individual modules have the ability to opt out of handling URIs with null bytes.
Affected
nginx versions 0.5.x, 0.6.x, 0.7.x to 0.7.65 and 0.8.x to 0.8.37
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P