7.5
CVSSv2

CVE-2013-4547

Published: 23/11/2013 Updated: 10/11/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

f5 nginx

opensuse opensuse 12.3

suse studio onsite 1.3

opensuse opensuse 11.4

suse webyast 1.3

opensuse opensuse 12.2

opensuse opensuse 13.1

suse lifecycle management server 1.3

Vendor Advisories

Debian Bug report logs - #730012 nginx: CVE-2013-4547 Package: nginx; Maintainer for nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-listsdebiannet>; Source for nginx is src:nginx (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 20 Nov 2013 06:12:02 UTC Severit ...
Debian Bug report logs - #761940 nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts Package: src:nginx; Maintainer for src:nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Sep 2014 05:09: ...
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request The oldstable distribution (squeeze) is not affected by this problem For the stable distribution (wheezy), this problem has been fixed in version 121-22+wheezy2 Fo ...
nginx 0841 through 143 and 15x before 157 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI ...

Exploits

source: wwwsecurityfocuscom/bid/63814/info nginx is prone to a remote security-bypass vulnerability An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions nginx 0841 through 156 are vulnerable The following example data is available: /file \0php ...

Github Repositories

Nginx 文件名逻辑漏洞(CVE-2013-4547) 漏洞说明 影响版本:Nginx 0841 ~ 143 / 150 ~ 157 参考链接: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2013-4547 blogwernerwiki/file-resolution-vulnerability-nginx/ www91riorg/9064html 漏洞说明 这个漏洞其实和代码执行没有太大关系,其主要原因是错误地解