F5

Nginx

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 9.5%
  • Veröffentlicht 06.12.2010 21:05:48
  • Zuletzt bearbeitet 16.06.2026 23:24:18

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte...

Exploit
  • EPSS 21.51%
  • Veröffentlicht 15.06.2010 14:04:24
  • Zuletzt bearbeitet 16.06.2026 23:20:25

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

Exploit
  • EPSS 71.93%
  • Veröffentlicht 15.06.2010 14:04:24
  • Zuletzt bearbeitet 16.06.2026 23:20:25

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Exploit
  • EPSS 27.01%
  • Veröffentlicht 13.01.2010 20:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:45

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape seq...

Exploit
  • EPSS 15.89%
  • Veröffentlicht 24.11.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:35

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination...

Exploit
  • EPSS 10.18%
  • Veröffentlicht 24.11.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:35

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker p...

Exploit
  • EPSS 87.26%
  • Veröffentlicht 09.11.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:50

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu...

  • EPSS 75.08%
  • Veröffentlicht 15.09.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:52

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.