Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Remediation

References

CVE-2010-2263

Related Vulnerabilities

Drupal Session Fixation Vulnerability (CVE-2008-3222)

WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.21)

phpMyAdmin Other Vulnerability (CVE-2006-1804)

Frontaccounting Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-21244)

Severity

Medium

Classification

CVE-2010-2263 CWE-200

Tags

Missing Update Known Vulnerabilities