Description

nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.

Remediation

References

CVE-2011-4963

Related Vulnerabilities

Phusion Passenger Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-12027)

WordPress Plugin Abandoned Cart Pro for WooCommerce Cross-Site Scripting (7.11.1)

ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-6578)

WordPress Plugin Login No Captcha reCAPTCHA Security Bypass (1.4.1)

WordPress Plugin WooCommerce Smart Coupons Security Bypass (4.6.0)

Severity

Medium

Classification

CVE-2011-4963

Tags

Missing Update Known Vulnerabilities