Description

This alert was generated using only banner information. It may be a false positive.

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

Remediation

Upgrade nginx to the latest version.

References

nginx Homepage

CVE-2009-2629

Related Vulnerabilities

WordPress Plugin Cimy User Extra Fields Denial of Service (2.6.3)

OpenSSL Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2009-1378)

Oracle Database Server CVE-2011-0852 Vulnerability (CVE-2011-0852)

WordPress 7PK - Security Features Vulnerability (CVE-2014-9039)

WordPress Plugin WP-Predict 'predictId' Parameter Blind SQL Injection (1.0)

Severity

High

Classification

CVE-2009-2629 CWE-119 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Buffer Overflow Missing Update