PT-2009-5026 · Nginx · Nginx

Chris Ries

Published

2009-09-15

Updated

2021-11-10

CVE-2009-2629

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions nginx versions 0.1.0 through 0.5.37 nginx versions 0.6.x before 0.6.39 nginx versions 0.7.x before 0.7.62 nginx versions 0.8.x before 0.8.15

Description A buffer underflow issue in the src/http/ngx http parse.c file allows remote attackers to execute arbitrary code via crafted HTTP requests.

Recommendations For versions 0.1.0 through 0.5.37, update to a version after 0.5.37. For versions 0.6.x before 0.6.39, update to version 0.6.39 or later. For versions 0.7.x before 0.7.62, update to version 0.7.62 or later. For versions 0.8.x before 0.8.15, update to version 0.8.15 or later.

Exploit

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2009-2629

DSA-1884-1

Affected Products

Nginx

PT-2009-5026 · Nginx · Nginx

CVE-2009-2629

Weakness Enumeration

Related Identifiers

Affected Products

References · 17