Summary
This host is running nginx and is prone to a security bypass vulnerability.
Impact
Successful exploitation lets attackers gain unauthorized access to restricted resources via specially crafted HTTP requests containing NTFS extended attributes.
Impact Level: Application
Solution
Upgrade to nginx version 1.3.1 or 1.2.1 or later.
For updates, refer to http://nginx.org
Insight
The flaw is due to an error when processing HTTP requests for resources defined via the 'location' directive.
Affected
nginx versions 0.7.52 through 1.2.0 and 1.3.0 on Windows
References
- http://blog.ptsecurity.com/2012/06/vulnerability-in-nginx-eliminated.html
- http://english.securitylab.ru/lab/PT-2012-06
- http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html
- http://nginx.org/en/security_advisories.html
- http://secunia.com/advisories/50912
- http://www.osvdb.org/84339
- http://xforce.iss.net/xforce/xfdb/77244
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-4963
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N