[VU:180065] Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
Overview
A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system.
Impact
As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service.
Solution
Upgrade or apply a patch Updated versions of the nginx package have been released to address this issue. Users should consult the Systems Affected section of this document for information about specific vendors.
Acknowledgements
Thanks to Chris Ries of the Carnegie Mellon University Information Security Office for reporting this vulnerability.
- ID
- VU:180065
- Severity
- high
- Severity from
- CVE-2009-2629
- URL
- https://kb.cert.org/vuls/id/180065
- Published
-
2009-09-15T18:17:45
(15 years ago) - Modified
-
2009-09-21T19:50:09
(15 years ago) - Rights
- Copyright 2009, CERT Coordination Center (CERT/CC)
- Other Advisories
FEDORA-2009-12750
FREEBSD:152B27F0-A158-11DE-990C-E5B1D4C882E0
GLSA-200909-18
NGINX:CVE-2009-2629| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |