
nginx < 1.4.1 / 1.5.0 Multiple Vulnerabilities



The remote web server is running an outdated version of nginx and is thus affected by several vulnerabilities.


Older versions of nginx are affected by the following vulnerabilities:

- Older versions that use proxy_pass are exposed to denial of service or disclosure of worker process memory. Failed exploit attempts will result in a denial-of-service condition. (CVE-2013-2070)

- A related issue in nginx versions 1.3.9-1.4.0 is a stack-based buffer overflow caused by an error in the 'ngx_http_parse.c' source file. It occurs in a worker process when handling a specially crafted request. Successful exploitation allows attackers to execute arbitrary code in the context of the vulnerable application. (CVE-2013-2028)


Patches are available and the problem is fixed in nginx versions 1.5.0 and 1.4.1.
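
The version ranges above can be turned into a banner check for inventory triage. The following is an added example, not part of the original advisory or of any scanner's code: the function names and sample banners are constructed, and because the advisory gives no lower bound for CVE-2013-2070, the example assumes every release before 1.4.1 is a candidate for it.

```python
import re

# Lowest fixed release named in the advisory; 1.5.0 also compares >= this.
FIRST_FIXED = (1, 4, 1)
# Range the advisory gives for the stack-based overflow (CVE-2013-2028).
OVERFLOW_RANGE = ((1, 3, 9), (1, 4, 0))

_BANNER = re.compile(r"^nginx/(\d+)\.(\d+)\.(\d+)\b", re.IGNORECASE)


def parse_banner(server_header):
    """Return (major, minor, patch) from a Server header value, or None."""
    match = _BANNER.match(server_header.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def assess(server_header):
    """Classify a Server header against the advisory's version ranges."""
    version = parse_banner(server_header)
    if version is None:
        # No version token (e.g. server_tokens off) or not nginx at all:
        # the banner proves nothing, so report it for manual follow-up.
        return {"version": None, "status": "unknown", "cves": []}
    if version >= FIRST_FIXED:
        return {"version": version, "status": "fixed", "cves": []}
    # Assumption: no lower bound is stated for CVE-2013-2070, and it only
    # matters where proxy_pass is configured, which a banner cannot show.
    cves = ["CVE-2013-2070"]
    low, high = OVERFLOW_RANGE
    if low <= version <= high:
        cves.append("CVE-2013-2028")
    return {"version": version, "status": "outdated", "cves": cves}


if __name__ == "__main__":
    # Constructed sample Server header values.
    for banner in ("nginx/1.2.8", "nginx/1.3.12 (Ubuntu)", "nginx/1.4.0",
                   "nginx/1.4.1", "nginx/1.5.0", "nginx", "Apache/2.2.22"):
        print(f"{banner!r:26} -> {assess(banner)}")
```

A banner version is only a hint: distribution packages may backport the fix without changing the reported version, so confirm "outdated" results against the package changelog.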