ID

VAR-201006-0493


CVE

CVE-2010-2263


TITLE

nginx vulnerability in which source code is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-004869

DESCRIPTION

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a widely used, high-performance web server. It is often used as a reverse proxy and also has very good support for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial-of-service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected.

Trust: 2.43

sources: NVD: CVE-2010-2263 // JVNDB: JVNDB-2010-004869 // CNVD: CNVD-2010-1094 // BID: 40760

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1094

AFFECTED PRODUCTS

vendor: f5 | model: nginx | scope: lte | version: 0.8.39

Trust: 1.0

vendor: f5 | model: nginx | scope: lt | version: 0.7.66

Trust: 1.0

vendor: f5 | model: nginx | scope: gte | version: 0.8.0

Trust: 1.0

vendor: f5 | model: nginx | scope: gte | version: 0.7.52

Trust: 1.0

vendor: igor sysoev | model: nginx | scope: lt | version: 0.8

Trust: 0.8

vendor: igor sysoev | model: nginx | scope: eq | version: 0.7.66

Trust: 0.8

vendor: igor sysoev | model: nginx | scope: eq | version: 0.8.40

Trust: 0.8

vendor: igor sysoev | model: nginx | scope: lt | version: 0.7

Trust: 0.8

vendor: no | model: - | scope: - | version: -

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.16

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.15

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.2

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.0

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.1

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.14

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.3

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.4

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.13

Trust: 0.6

vendor: nginx | model: nginx | scope: eq | version: 0.7.20

Trust: 0.6

vendor: igor | model: sysoev nginx | scope: eq | version: 0.8.36

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.8.35

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.8.33

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.8.32

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.8.15

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.8.14

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.7.65

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.7.64

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.7.62

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.7.61

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: eq | version: 0.7

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: ne | version: 0.8.41

Trust: 0.3

vendor: igor | model: sysoev nginx | scope: ne | version: 0.7.66

Trust: 0.3

sources: CNVD: CNVD-2010-1094 // BID: 40760 // JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224 // NVD: CVE-2010-2263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2263
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-2263
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-224
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2010-2263
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224 // NVD: CVE-2010-2263

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2010-004869 // NVD: CVE-2010-2263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-224

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201006-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004869

PATCH

title: Top Page | url: http://nginx.org/

Trust: 0.8

title: Nginx remote source code leak and denial of service patch | url: https://www.cnvd.org.cn/patchInfo/show/454

Trust: 0.6

title: Vulnerabilities with Windows file default stream | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=3683

Trust: 0.6

sources: CNVD: CNVD-2010-1094 // JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224

EXTERNAL IDS

db: NVD | id: CVE-2010-2263

Trust: 2.7

db: BID | id: 40760

Trust: 2.5

db: EXPLOIT-DB | id: 13822

Trust: 1.6

db: EXPLOIT-DB | id: 13818

Trust: 1.6

db: JVNDB | id: JVNDB-2010-004869

Trust: 0.8

db: CNVD | id: CNVD-2010-1094

Trust: 0.6

db: CNNVD | id: CNNVD-201006-224

Trust: 0.6

sources: CNVD: CNVD-2010-1094 // BID: 40760 // JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224 // NVD: CVE-2010-2263

REFERENCES

url:http://www.exploit-db.com/exploits/13822

Trust: 1.6

url:http://www.securityfocus.com/bid/40760

Trust: 1.6

url:http://www.exploit-db.com/exploits/13818

Trust: 1.6

url:http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2263

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2263

Trust: 0.8

url:http://www.securityfocus.com/bid/40760/

Trust: 0.6

url:http://nginx.org/

Trust: 0.3

sources: CNVD: CNVD-2010-1094 // BID: 40760 // JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224 // NVD: CVE-2010-2263

CREDITS

Dr_IDE Jose Antonio Vazquez Gonzalez

Trust: 0.6

sources: CNNVD: CNNVD-201006-224

SOURCES

db: CNVD | id: CNVD-2010-1094
db: BID | id: 40760
db: JVNDB | id: JVNDB-2010-004869
db: CNNVD | id: CNNVD-201006-224
db: NVD | id: CVE-2010-2263

LAST UPDATE DATE

2024-08-14T14:58:33.751000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2010-1094 | date: 2010-06-13T00:00:00
db: BID | id: 40760 | date: 2015-04-13T21:02:00
db: JVNDB | id: JVNDB-2010-004869 | date: 2012-09-25T00:00:00
db: CNNVD | id: CNNVD-201006-224 | date: 2023-05-15T00:00:00
db: NVD | id: CVE-2010-2263 | date: 2021-11-10T15:52:53.917

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2010-1094 | date: 2010-06-13T00:00:00
db: BID | id: 40760 | date: 2010-06-11T00:00:00
db: JVNDB | id: JVNDB-2010-004869 | date: 2012-09-25T00:00:00
db: CNNVD | id: CNNVD-201006-224 | date: 2010-06-18T00:00:00
db: NVD | id: CVE-2010-2263 | date: 2010-06-15T14:04:24.313