Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4963

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4963
Last Modified 27 Jul 2012 12:00:00
Published 26 Jul 2012 03:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4963

Summary

nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.

Vulnerable Systems

Application

  • Igor Sysoev Nginx 1.2.0

  • Igor Sysoev Nginx 1.3.0


References

CONFIRM - http://nginx.org/en/security_advisories.html

MLIST - [nginx-announce] 20120605 security advisory

MISC - http://english.securitylab.ru/lab/PT-2012-06


Last Updated: 27 May 2016 10:55:01