This application requires Javascript for optimal performance.

Nginx.Source.Code.Disclosure

Release Date

Dec 24, 2011

Severity

medium

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in Igor Sysoev nginx.

The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. As a result, a remote attacker can gain unauthorized access to sensitive information.

Affected Products

Igor Sysoev nginx 0.8.36
Igor Sysoev nginx 0.8.35
Igor Sysoev nginx 0.8.33
Igor Sysoev nginx 0.8.32
Igor Sysoev nginx 0.8.15
Igor Sysoev nginx 0.8.14
Igor Sysoev nginx 0.7.65
Igor Sysoev nginx 0.7.64
Igor Sysoev nginx 0.7.62
Igor Sysoev nginx 0.7.61
Igor Sysoev nginx 0.7

Recommended Actions

Refer to the vendor's website for suggested workaround.
http://nginx.org/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2010-2263

Reference: VID-30418