Summary
nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
nginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2012-2089
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities
- Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
- Lil' HTTP Server Cross Site Scripting Vulnerability
- Kolibri Webserver 'HEAD' Request Processing Buffer Overflow Vulnerability