CVE-2013-4547
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Encoding or Escaping of Output The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 38846
Publication date : 2013-11-18 23h00 +00:00
Author : Ivan Fratric
EDB Verified : Yes
source: https://www.securityfocus.com/bid/63814/info
nginx is prone to a remote security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
nginx 0.8.41 through 1.5.6 are vulnerable.
The following example data is available:
/file \0.php
Products Mentioned
Configuraton 0
F5>>Nginx >> Version From (including) 0.8.41 To (excluding) 1.4.4
- F5>>Nginx >> Version 0.8.41 (Open CPE detail)
- F5>>Nginx >> Version 0.8.42 (Open CPE detail)
- F5>>Nginx >> Version 0.8.43 (Open CPE detail)
- F5>>Nginx >> Version 0.8.44 (Open CPE detail)
- F5>>Nginx >> Version 0.8.45 (Open CPE detail)
- F5>>Nginx >> Version 0.8.46 (Open CPE detail)
- F5>>Nginx >> Version 0.8.47 (Open CPE detail)
- F5>>Nginx >> Version 0.8.48 (Open CPE detail)
- F5>>Nginx >> Version 0.8.49 (Open CPE detail)
- F5>>Nginx >> Version 0.8.50 (Open CPE detail)
- F5>>Nginx >> Version 0.8.51 (Open CPE detail)
- F5>>Nginx >> Version 0.8.52 (Open CPE detail)
- F5>>Nginx >> Version 0.8.53 (Open CPE detail)
- F5>>Nginx >> Version 0.8.54 (Open CPE detail)
- F5>>Nginx >> Version 0.8.55 (Open CPE detail)
- F5>>Nginx >> Version 0.9.0 (Open CPE detail)
- F5>>Nginx >> Version 0.9.1 (Open CPE detail)
- F5>>Nginx >> Version 0.9.2 (Open CPE detail)
- F5>>Nginx >> Version 0.9.3 (Open CPE detail)
- F5>>Nginx >> Version 0.9.4 (Open CPE detail)
- F5>>Nginx >> Version 0.9.5 (Open CPE detail)
- F5>>Nginx >> Version 0.9.6 (Open CPE detail)
- F5>>Nginx >> Version 0.9.7 (Open CPE detail)
- F5>>Nginx >> Version 1.0.0 (Open CPE detail)
- F5>>Nginx >> Version 1.0.1 (Open CPE detail)
- F5>>Nginx >> Version 1.0.2 (Open CPE detail)
- F5>>Nginx >> Version 1.0.3 (Open CPE detail)
- F5>>Nginx >> Version 1.0.4 (Open CPE detail)
- F5>>Nginx >> Version 1.0.5 (Open CPE detail)
- F5>>Nginx >> Version 1.0.6 (Open CPE detail)
- F5>>Nginx >> Version 1.0.7 (Open CPE detail)
- F5>>Nginx >> Version 1.0.8 (Open CPE detail)
- F5>>Nginx >> Version 1.0.9 (Open CPE detail)
- F5>>Nginx >> Version 1.0.10 (Open CPE detail)
- F5>>Nginx >> Version 1.0.11 (Open CPE detail)
- F5>>Nginx >> Version 1.0.12 (Open CPE detail)
- F5>>Nginx >> Version 1.0.13 (Open CPE detail)
- F5>>Nginx >> Version 1.0.14 (Open CPE detail)
- F5>>Nginx >> Version 1.0.15 (Open CPE detail)
- F5>>Nginx >> Version 1.1.0 (Open CPE detail)
- F5>>Nginx >> Version 1.1.1 (Open CPE detail)
- F5>>Nginx >> Version 1.1.2 (Open CPE detail)
- F5>>Nginx >> Version 1.1.3 (Open CPE detail)
- F5>>Nginx >> Version 1.1.4 (Open CPE detail)
- F5>>Nginx >> Version 1.1.5 (Open CPE detail)
- F5>>Nginx >> Version 1.1.6 (Open CPE detail)
- F5>>Nginx >> Version 1.1.7 (Open CPE detail)
- F5>>Nginx >> Version 1.1.8 (Open CPE detail)
- F5>>Nginx >> Version 1.1.9 (Open CPE detail)
- F5>>Nginx >> Version 1.1.10 (Open CPE detail)
- F5>>Nginx >> Version 1.1.11 (Open CPE detail)
- F5>>Nginx >> Version 1.1.12 (Open CPE detail)
- F5>>Nginx >> Version 1.1.13 (Open CPE detail)
- F5>>Nginx >> Version 1.1.14 (Open CPE detail)
- F5>>Nginx >> Version 1.1.15 (Open CPE detail)
- F5>>Nginx >> Version 1.1.16 (Open CPE detail)
- F5>>Nginx >> Version 1.1.17 (Open CPE detail)
- F5>>Nginx >> Version 1.1.18 (Open CPE detail)
- F5>>Nginx >> Version 1.1.19 (Open CPE detail)
- F5>>Nginx >> Version 1.2.0 (Open CPE detail)
- F5>>Nginx >> Version 1.2.1 (Open CPE detail)
- F5>>Nginx >> Version 1.2.2 (Open CPE detail)
- F5>>Nginx >> Version 1.2.3 (Open CPE detail)
- F5>>Nginx >> Version 1.2.4 (Open CPE detail)
- F5>>Nginx >> Version 1.2.5 (Open CPE detail)
- F5>>Nginx >> Version 1.2.6 (Open CPE detail)
- F5>>Nginx >> Version 1.2.7 (Open CPE detail)
- F5>>Nginx >> Version 1.2.8 (Open CPE detail)
- F5>>Nginx >> Version 1.2.9 (Open CPE detail)
- F5>>Nginx >> Version 1.3.0 (Open CPE detail)
- F5>>Nginx >> Version 1.3.1 (Open CPE detail)
- F5>>Nginx >> Version 1.3.2 (Open CPE detail)
- F5>>Nginx >> Version 1.3.3 (Open CPE detail)
- F5>>Nginx >> Version 1.3.4 (Open CPE detail)
- F5>>Nginx >> Version 1.3.5 (Open CPE detail)
- F5>>Nginx >> Version 1.3.6 (Open CPE detail)
- F5>>Nginx >> Version 1.3.7 (Open CPE detail)
- F5>>Nginx >> Version 1.3.8 (Open CPE detail)
- F5>>Nginx >> Version 1.3.9 (Open CPE detail)
- F5>>Nginx >> Version 1.3.10 (Open CPE detail)
- F5>>Nginx >> Version 1.3.11 (Open CPE detail)
- F5>>Nginx >> Version 1.3.12 (Open CPE detail)
- F5>>Nginx >> Version 1.3.13 (Open CPE detail)
- F5>>Nginx >> Version 1.3.14 (Open CPE detail)
- F5>>Nginx >> Version 1.3.15 (Open CPE detail)
- F5>>Nginx >> Version 1.3.16 (Open CPE detail)
- F5>>Nginx >> Version 1.4.0 (Open CPE detail)
- F5>>Nginx >> Version 1.4.1 (Open CPE detail)
- F5>>Nginx >> Version 1.4.2 (Open CPE detail)
- F5>>Nginx >> Version 1.4.3 (Open CPE detail)
F5>>Nginx >> Version From (including) 1.5.0 To (including) 1.5.6
- F5>>Nginx >> Version 1.5.0 (Open CPE detail)
- F5>>Nginx >> Version 1.5.1 (Open CPE detail)
- F5>>Nginx >> Version 1.5.2 (Open CPE detail)
- F5>>Nginx >> Version 1.5.3 (Open CPE detail)
- F5>>Nginx >> Version 1.5.4 (Open CPE detail)
- F5>>Nginx >> Version 1.5.5 (Open CPE detail)
- F5>>Nginx >> Version 1.5.6 (Open CPE detail)
Configuraton 0
Suse>>Lifecycle_management_server >> Version 1.3
- Suse>>Lifecycle_management_server >> Version 1.3 (Open CPE detail)
Suse>>Studio_onsite >> Version 1.3
- Suse>>Studio_onsite >> Version 1.3 (Open CPE detail)
Suse>>Webyast >> Version 1.3
- Suse>>Webyast >> Version 1.3 (Open CPE detail)
Opensuse>>Opensuse >> Version 11.4
- Opensuse>>Opensuse >> Version 11.4 (Open CPE detail)
Opensuse>>Opensuse >> Version 12.2
- Opensuse>>Opensuse >> Version 12.2 (Open CPE detail)
Opensuse>>Opensuse >> Version 12.3
- Opensuse>>Opensuse >> Version 12.3 (Open CPE detail)
Opensuse>>Opensuse >> Version 13.1
- Opensuse>>Opensuse >> Version 13.1 (Open CPE detail)
References
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html
Tags : mailing-list, x_refsource_MLIST
Tags : mailing-list, x_refsource_MLIST
