nginx < 1.4.4 / 1.5.7 ngx_parse_http Security Bypass

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a security bypass

Description :

According to the self-reported version in the Server response header,
the installed version of nginx is greater than 0.8.41 but prior to 1.4.4
/ 1.5.7. It is, therefore, affected by a security bypass vulnerability
in 'ngx_http_parse.c' when a file with a space at the end of the URI is

See also :

Solution :

Either apply the patch manually or upgrade to nginx 1.4.4 / 1.5.7 or

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 71117 ()

Bugtraq ID: 63814

CVE ID: CVE-2013-4547

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now