5
CVE-2010-2263
- EPSS 71.93%
- Veröffentlicht 15.06.2010 14:04:24
- Zuletzt bearbeitet 16.06.2026 23:20:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 71.93% | 0.993 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html
http://www.exploit-db.com/exploits/13818
http://www.exploit-db.com/exploits/13822
http://www.securityfocus.com/bid/40760