CVE-2010-2266

CVSS v2.0 5 (Medium)

EPSS 0.45 % (76^th)

Affected Products 1

Advisories 5

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2010-06-15 14:04:24
(14 years ago)
Updated Date: 2021-11-10 15:52:53
(2 years ago)

Affected Products

F5

Nginx

Configuration #1

		CPE23	From	Up To
	F5 Nginx from 0.7.52 version and prior 0.7.67 version	cpe:2.3:a:f5:nginx	>= 0.7.52	< 0.7.67
	F5 Nginx from 0.8.0 version and 0.8.40 and prior versions	cpe:2.3:a:f5:nginx	>= 0.8.0	<= 0.8.40