header-logo
Suggest Exploit
vendor:
nginx
by:
Kingcope
8,8
CVSS
HIGH
Security-Bypass
20
CWE
Product Name: nginx
Affected Version From: 0.8.41
Affected Version To: 1.5.6
Patch Exists: YES
Related CWE: CVE-2014-3616
CPE: a:nginx:nginx
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-3616/https://www.rapid7.com/db/vulnerabilities/suse-cve-2014-3616/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2014-421/https://www.rapid7.com/db/vulnerabilities/nginx-cve-2014-3616/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-77b784bb-3dc6-11e4-b191-f0def16c5c1b/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2014

nginx Remote Security-Bypass Vulnerability

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

Mitigation:

Upgrade to nginx version 1.5.7 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/63814/info

nginx is prone to a remote security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

nginx 0.8.41 through 1.5.6 are vulnerable. 

The following example data is available:

/file \0.php

Navigation

Suggest Exploit

Services By CQR