nginx HTTP Request Multiple Vulnerabilities

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The web server on the remote host is affected by multiple
vulnerabilities.

Description :

The remote web server is running nginx, a lightweight, high
performance web server / reverse proxy and email (IMAP/POP3) proxy.

According to its Server response header, the installed version of
nginx is affected by multiple vulnerabilities :

- A remote buffer overflow attack related to its parsing
of complex URIs.

- A remote denial of service attack related to its parsing
of HTTP request headers.

See also :

http://nginx.net/CHANGES
http://nginx.net/CHANGES-0.7
http://nginx.net/CHANGES-0.6
http://nginx.net/CHANGES-0.5
http://sysoev.ru/nginx/patch.180065.txt
http://seclists.org/fulldisclosure/2009/Oct/306

Solution :

Upgrade to version 0.8.15, 0.7.62, 0.6.39, 0.5.38, or later.
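
The banner-based check described above, sketched as an added example (this is not Tenable's plugin code). The per-branch fixed versions come from the Solution line; the function names, the sample headers and the handling of branches outside 0.5 to 0.8 are assumptions.

```python
import re

# Fixed release per branch, taken from the Solution line above.
FIXED = {(0, 5): 38, (0, 6): 39, (0, 7): 62, (0, 8): 15}

# Matches a versioned banner such as "nginx/0.7.61".
BANNER_RE = re.compile(r"^nginx/(\d+)\.(\d+)\.(\d+)\b", re.IGNORECASE)


def parse_server_header(value):
    """Return (major, minor, patch) from a Server header value, or None."""
    m = BANNER_RE.match(value.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def assess(server_header):
    """Classify a Server header value as 'vulnerable', 'fixed' or 'unknown'."""
    version = parse_server_header(server_header)
    if version is None:
        # Version hidden (server_tokens off) or a different product.
        return "unknown"
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    # Assumption: branches older than 0.5 have no fixed release listed,
    # so they are flagged; branches newer than 0.8 count as "or later".
    return "vulnerable" if branch < (0, 5) else "fixed"


# Constructed sample Server header values, not captured from real hosts.
SAMPLE_HEADERS = ["nginx/0.7.61", "nginx/0.7.62", "nginx/0.8.14",
                  "nginx/0.6.39", "nginx", "Apache/2.2.3"]


def assess_all(headers):
    """Map each header value to its classification."""
    return {h: assess(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in assess_all(SAMPLE_HEADERS).items():
        print(f"{header:15} {verdict}")
```

A banner only reports what the server chooses to announce, so an "unknown" or "fixed" result should be confirmed against the installed package version, particularly where a distribution backports patches without changing the version string.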

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 41608

Bugtraq ID: 36384
36839

CVE ID: CVE-2009-2629
CVE-2009-3896