Test ID:	1.3.6.1.4.1.25623.1.0.150666
Category:	Web Servers
Title:	nginx 0.8.41 <= 1.5.6 Improper Encoding or Escaping of Output Vulnerability
Summary:	nginx is prone to a improper encoding or escaping of output; vulnerability due to bypass intended restrictions via an unescaped space character in a URI.
Description:	Summary: nginx is prone to a improper encoding or escaping of output vulnerability due to bypass intended restrictions via an unescaped space character in a URI. Vulnerability Insight: Please see the references for more information on the vulnerabilities. Affected Software/OS: nginx version 0.8.41 through 1.4.3 and 1.5.0 through 1.5.6. Solution: Update to version 1.4.4, 1.5.7 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4547 Debian Security Information: DSA-2802 (Google Search) http://www.debian.org/security/2012/dsa-2802 http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html http://secunia.com/advisories/55757 http://secunia.com/advisories/55822 http://secunia.com/advisories/55825 SuSE Security Announcement: SUSE-SU-2013:1895 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html SuSE Security Announcement: openSUSE-SU-2013:1745 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html SuSE Security Announcement: openSUSE-SU-2013:1791 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html SuSE Security Announcement: openSUSE-SU-2013:1792 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.