Summary
This host is running nginx and is prone to security bypass vulnerability.
Impact
Successful exploitation will let attackers to gain unauthorized access to restricted resources via specially crafted HTTP requests containing NTFS extended attributes.
Impact Level: Application
Solution
Upgrade to nginx version 1.3.1 or 1.2.1 or later,
For updates refer to http://nginx.org
Insight
The flaw is due to an error when processing HTTP requests for resources defined via the 'location' directive.
Affected
nginx versions 0.7.52 through 1.2.0 and 1.3.0 on Windows
References
- http://blog.ptsecurity.com/2012/06/vulnerability-in-nginx-eliminated.html
- http://english.securitylab.ru/lab/PT-2012-06
- http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html
- http://nginx.org/en/security_advisories.html
- http://secunia.com/advisories/50912
- http://www.osvdb.org/84339
- http://xforce.iss.net/xforce/xfdb/77244
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-4963 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Aspen Sever Directory Traversal Vulnerability
- IBM WebSphere Application Server Administration Directory Traversal Vulnerability
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- Check for IIS .cnf file leakage