Sign-up

ID

VAR-201006-0493


CVE

CVE-2010-2263


TITLE

nginx Vulnerabilities in which source code is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-004869

DESCRIPTION

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected

Trust: 2.43

sources: NVD: CVE-2010-2263 // JVNDB: JVNDB-2010-004869 // CNVD: CNVD-2010-1094 // BID: 40760

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1094

AFFECTED PRODUCTS

vendor:f5model:nginxscope:lteversion:0.8.39

Trust: 1.0

vendor:f5model:nginxscope:ltversion:0.7.66

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.8.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.7.52

Trust: 1.0

vendor:igor sysoevmodel:nginxscope:ltversion:0.8

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.7.66

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.8.40

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.7

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.16

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.15

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.2

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.0

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.1

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.14

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.3

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.4

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.13

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.20

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:0.8.36

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.8.35

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.8.33

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.8.32

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.8.15

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.8.14

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7.65

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7.64

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7.62

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7.61

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:0.8.41

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:0.7.66

Trust: 0.3

sources: CNVD: CNVD-2010-1094 // BID: 40760 // JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224 // NVD: CVE-2010-2263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2263
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-2263
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-224
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2010-2263
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-004869 // CNNVD: CNNVD-201006-224 // NVD: CVE-2010-2263

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2010-004869 // NVD: CVE-2010-2263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-224

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201006-224

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004869

PATCH
title:Top Pageurl:http://nginx.org/
Trust: 0.8
title:Nginx remote source code leak and denial of service patchurl:https://www.cnvd.org.cn/patchInfo/show/454
Trust: 0.6
title:Vulnerabilities with Windows file default streamurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3683
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-1094 // 
            
            
            
            JVNDB: JVNDB-2010-004869 // 
            
            
            
            CNNVD: CNNVD-201006-224

EXTERNAL IDS
db:NVDid:CVE-2010-2263
Trust: 2.7
db:BIDid:40760
Trust: 2.5
db:EXPLOIT-DBid:13822
Trust: 1.6
db:EXPLOIT-DBid:13818
Trust: 1.6
db:JVNDBid:JVNDB-2010-004869
Trust: 0.8
db:CNVDid:CNVD-2010-1094
Trust: 0.6
db:CNNVDid:CNNVD-201006-224
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-1094 // 
            
            
            
            BID: 40760 // 
            
            
            
            JVNDB: JVNDB-2010-004869 // 
            
            
            
            CNNVD: CNNVD-201006-224 // 
            
            
            
            NVD: CVE-2010-2263

REFERENCES
url:http://www.exploit-db.com/exploits/13822
Trust: 1.6
url:http://www.securityfocus.com/bid/40760
Trust: 1.6
url:http://www.exploit-db.com/exploits/13818
Trust: 1.6
url:http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2263
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2263
Trust: 0.8
url:http://www.securityfocus.com/bid/40760/
Trust: 0.6
url:http://nginx.org/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2010-1094 // 
            
            
            
            BID: 40760 // 
            
            
            
            JVNDB: JVNDB-2010-004869 // 
            
            
            
            CNNVD: CNNVD-201006-224 // 
            
            
            
            NVD: CVE-2010-2263

CREDITS
Dr_IDE Jose Antonio Vazquez Gonzalez
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201006-224

SOURCES
db:CNVDid:CNVD-2010-1094
db:BIDid:40760
db:JVNDBid:JVNDB-2010-004869
db:CNNVDid:CNNVD-201006-224
db:NVDid:CVE-2010-2263

LAST UPDATE DATE
2024-08-14T14:58:33.751000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-1094date:2010-06-13T00:00:00
db:BIDid:40760date:2015-04-13T21:02:00
db:JVNDBid:JVNDB-2010-004869date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-201006-224date:2023-05-15T00:00:00
db:NVDid:CVE-2010-2263date:2021-11-10T15:52:53.917

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-1094date:2010-06-13T00:00:00
db:BIDid:40760date:2010-06-11T00:00:00
db:JVNDBid:JVNDB-2010-004869date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-201006-224date:2010-06-18T00:00:00
db:NVDid:CVE-2010-2263date:2010-06-15T14:04:24.313