1. Home
  2. Vulnerabilities
  3. CVE-2009-2629

CVE-2009-2629

CVSS v2.0 7.5 (High)
75% Progress
EPSS 92.83 % (99th)
92.83% Progress
Affected Products 3
Advisories 9
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

Weaknesses
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
CERT/CC
Published Date
2009-09-15 22:30:00
(15 years ago)
Updated Date
2021-11-10 15:52:54
(2 years ago)

Affected Products

Debian

F5

Fedoraproject

Configuration #1

    CPE23 From Up To
  F5 Nginx from 0.1.0 version and prior 0.5.38 version cpe:2.3:a:f5:nginx >= 0.1.0 < 0.5.38
  F5 Nginx from 0.6.0 version and prior 0.6.39 version cpe:2.3:a:f5:nginx >= 0.6.0 < 0.6.39
  F5 Nginx from 0.7.0 version and prior 0.7.62 version cpe:2.3:a:f5:nginx >= 0.7.0 < 0.7.62
  F5 Nginx from 0.8.0 version and prior 0.8.15 version cpe:2.3:a:f5:nginx >= 0.8.0 < 0.8.15

Configuration #2

    CPE23 From Up To
  Debian Linux 4.0 cpe:2.3:o:debian:debian_linux:4.0
  Debian Linux 5.0 cpe:2.3:o:debian:debian_linux:5.0
  Debian Linux 6.0 cpe:2.3:o:debian:debian_linux:6.0

Configuration #3

    CPE23 From Up To
  Fedoraproject Fedora 10 cpe:2.3:o:fedoraproject:fedora:10
  Fedoraproject Fedora 11 cpe:2.3:o:fedoraproject:fedora:11
  Fedoraproject Fedora 12 cpe:2.3:o:fedoraproject:fedora:12