Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2009-2629

Published: 15/09/2009 Updated: 10/11/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to F5

Vulnerability Summary

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 up to and including 0.5.37, 0.6.x prior to 0.6.39, 0.7.x prior to 0.7.62, and 0.8.x prior to 0.8.15 allows remote malicious users to execute arbitrary code via crafted HTTP requests.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

f5 nginx

debian debian linux 4.0

debian debian linux 5.0

debian debian linux 6.0

fedoraproject fedora 10

fedoraproject fedora 11

fedoraproject fedora 12

Exploits

Exploit DB: Nginx 0.6.38 - Heap Corruption
#!/usr/bin/env python # # Exploit Title: nginx heap corruption # Date: 08/26/2010 # Author: aaron conole <apconole@yahoocom> # Software Link: nginxorg/download/nginx-0638targz # Version: <= 0638, <= 0761 # Tested on: BT4R1 running nginx 0638 locally # CVE: 2009-2629 # # note: this was written and tested against BT4 T ...

Github Repositories

https://github.com/andrebro242/https-github.com-andrebro242-13-01.md

Домашнее задание к занятию «Уязвимости и атаки на информационные системы» Брюхов А SYS-26 Задание 1 Скачайте и установите виртуальную машину Metasploitable: sourceforgenet/projects/metasploitable/ Это типовая ОС для экспери

https://github.com/secure-rewind-and-discard/sdrad_utils

SDRaD Evaluations This repository contains useful scripts and commands for evaluating SDRaD Memcached To measure the restart time of a Dockerized Memcached, use the following commands: Measuring Docker Restart Time docker run -d --restart unless-stopped -p 11211:11211 memcached docker system events --filter 'event=start' --filter 'event=die' | cut -d : -f

Recent Articles

Osama’s home videos and The ‘Advertising’ Botnet
Securelist • Dmitry Bestuzhev • 08 May 2011

Yesterday the US government released some home videos of Osama Bin Laden in his Pakistani hideout. Screenshots from the video were used for malicious blackhat SEO via Google Images. Many legitimate nginx-based Web sites were attacked and exploited by taking advantage of the CVE-2009-2629 vulnerability. The compromised sites were injected with the following script: It leads to a malicious .cc domain site with an exploit for the CVE-2010-1885 vulnerability (the same vulnerability used recently for...

Read more...

References

CWE-787http://nginx.net/CHANGES-0.6http://nginx.net/CHANGES-0.7http://www.debian.org/security/2009/dsa-1884http://nginx.net/CHANGES-0.5http://www.kb.cert.org/vuls/id/180065http://sysoev.ru/nginx/patch.180065.txthttp://nginx.net/CHANGEShttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.htmlhttps://nvd.nist.govhttps://github.com/andrebro242/https-github.com-andrebro242-13-01.mdhttps://www.exploit-db.com/exploits/14830/https://www.kb.cert.org/vuls/id/180065
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook