Title: nginx HTTP Request Remote Buffer Overflow Vulnerability
Summary: Check if nginx is vulnerable to Buffer Overflow
Overview: This host is running nginx and is prone to a buffer-overflow vulnerability.
The flaw is due to an error in 'src/http/ngx_http_parse.c' which
allows remote attackers to execute arbitrary code via crafted HTTP requests.
Successful exploitation will allow an attacker to execute arbitrary code
within the context of the affected application. Failed exploit attempts
will result in a denial-of-service condition.
Impact Level: Application
Affected: nginx versions 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62,
and 0.8.x before 0.8.15.
Fix: Upgrade to nginx version 0.5.38, 0.6.39, 0.7.62 or 0.8.15.
For updates refer to http://nginx.org/en/download.html
BugTraq ID: 36384
Common Vulnerability Exposure (CVE) ID: CVE-2009-2629
Debian Security Information: DSA-1884
CERT/CC vulnerability note: VU#180065
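The affected ranges listed above can be turned into a banner check for an asset inventory. The following is an added example, not the test suite's own code; the function name classify and the sample Server header values are constructed for illustration.

```python
import re

# First fixed release per branch, from the Fix line of this advisory.
FIXED = {(0, 5): 38, (0, 6): 39, (0, 7): 62, (0, 8): 15}
FIRST_AFFECTED = (0, 1, 0)   # "0.1.0 through 0.5.37"

BANNER_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def classify(server_header):
    """Map a Server header value to 'affected', 'not-affected' or 'unknown'."""
    m = BANNER_RE.search(server_header or "")
    if not m:
        # No version in the banner (for example server_tokens off) or not
        # nginx at all: the banner cannot answer, check the installed package.
        return "unknown"
    # Compare as integer tuples: as strings "0.6.4" would sort after "0.6.39".
    ver = tuple(int(part) for part in m.groups())
    if ver < FIRST_AFFECTED:
        return "not-affected"
    if ver[:2] in FIXED:
        return "affected" if ver[2] < FIXED[ver[:2]] else "not-affected"
    if ver < (0, 5, 0):
        # 0.1.x to 0.4.x sit inside the first range and have no fixed release listed.
        return "affected"
    return "not-affected"    # newer than every range in the advisory


# Constructed sample banners, as an inventory or log export might hold them.
SAMPLES = ["nginx/0.7.61", "nginx/0.7.62", "nginx/0.6.4", "nginx/0.4.13",
           "nginx/1.24.0", "nginx", "Apache/2.2.3"]

if __name__ == "__main__":
    for banner in SAMPLES:
        # A distribution package can carry a backported fix under an old
        # upstream version (see DSA-1884), so confirm 'affected' hits
        # against the package changelog before reporting them.
        print(f"{banner:15} {classify(banner)}")
```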
Copyright: Copyright (C) 2010 Greenbone Networks GmbH