Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 up to and including 0.5.37, 0.6.x prior to 0.6.39, 0.7.x prior to 0.7.62, and 0.8.x prior to 0.8.15 allows remote malicious users to execute arbitrary code via crafted HTTP requests.
Vulnerable Product |
---|
f5 nginx |
debian debian linux 4.0 |
debian debian linux 5.0 |
debian debian linux 6.0 |
fedoraproject fedora 10 |
fedoraproject fedora 11 |
fedoraproject fedora 12 |

Yesterday the US government released some home videos of Osama Bin Laden in his Pakistani hideout. Screenshots from the video were used for malicious blackhat SEO via Google Images. Many legitimate nginx-based Web sites were attacked and exploited by taking advantage of the CVE-2009-2629 vulnerability. The compromised sites were injected with the following script: It leads to a malicious .cc domain site with an exploit for the CVE-2010-1885 vulnerability (the same vulnerability used recently for...