Vulnerability Details: CVE-2009-2629
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
Vulnerability category: Execute code
Products affected by CVE-2009-2629
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
Threat overview for CVE-2009-2629
- Top open port discovered on systems with this issue: 5555
- IPs affected by CVE-2009-2629: 121
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-2629
- 81.30%: Probability of exploitation activity in the next 30 days
- ~99%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2629
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2009-2629
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2629
- http://www.kb.cert.org/vuls/id/180065
  VU#180065 - Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability (Third Party Advisory; US Government Resource)
- http://sysoev.ru/nginx/patch.180065.txt
  404. Page not found (Broken Link)
- http://www.debian.org/security/2009/dsa-1884
  [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution (Third Party Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
  [SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11 (Third Party Advisory)
- http://nginx.net/CHANGES-0.7
  (Release Notes; Vendor Advisory)
- http://nginx.net/CHANGES-0.5
  (Release Notes; Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
  [SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12 (Third Party Advisory)
- http://nginx.net/CHANGES-0.6
  (Release Notes; Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
  [SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10 (Third Party Advisory)
- http://nginx.net/CHANGES
  (Release Notes; Vendor Advisory)