Summary
This host is running nginx and is prone to an arbitrary code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to nginx 0.7.66 or 0.7.38 or later.
For updates refer to http://nginx.org
Insight
Null bytes are allowed in URIs by default; their presence is indicated by a variable named zero_in_uri, defined in ngx_http_request.h. Individual modules can opt out of handling URIs that contain null bytes.
Affected
nginx versions 0.5.x, 0.6.x, 0.7.x to 0.7.65 and 0.8.x to 0.8.37
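An added example, not part of the original advisory or of nginx: a Python check that compares a Server banner against the ranges listed under Affected and flags access-log requests whose path percent-decodes to a null byte. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Ranges from the "Affected" section: (major, minor) -> last affected patch
# level, or None when the whole series is listed as affected.
AFFECTED = {(0, 5): None, (0, 6): None, (0, 7): 65, (0, 8): 37}

# Request line inside a combined-format access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def is_affected(banner):
    """True/False for an 'nginx/x.y.z' banner; None if no version is exposed."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    if (major, minor) not in AFFECTED:
        return False
    last = AFFECTED[(major, minor)]
    return last is None or patch <= last


def null_byte_requests(log_lines):
    """Return request targets whose path percent-decodes to contain a NUL."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        path = target.split("?", 1)[0]
        if b"\x00" in unquote_to_bytes(path):
            hits.append(target)
    return hits


# Constructed sample lines (documentation address range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /static/a%00b HTTP/1.1" 404 169 "-" "-"',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=100%25 HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    print(is_affected("Server: nginx/0.7.65"))
    print(null_byte_requests(SAMPLE_LOG))
```

A None result from is_affected means the banner exposes no version, so the installed package version has to be checked on the host instead.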
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Null HTTPd Server Content-Length HTTP Header Buffer overflow Vulnerability
- Microsoft Windows Media Services ISAPI Extension Code Execution Vulnerabilities
- EasyPHP Webserver Multiple Vulnerabilities
- httpdx 'USER' Command Remote Format String Vulnerability
- Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability