Summary
nginx is prone to a remote heap-based buffer-overflow vulnerability.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to nginx 1.0.10 are vulnerable.
Solution
Vendor updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2011-4315 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
- Codebrws.asp Source Disclosure Vulnerability
- Ecava IntegraXor Directory Traversal Vulnerability