CVE-2009-2629
First published: Tue Sep 15 2009(Updated: )
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 NGINX | >=0.1.0<0.5.38 | |
| F5 NGINX | >=0.6.0<0.6.39 | |
| F5 NGINX | >=0.7.0<0.7.62 | |
| F5 NGINX | >=0.8.0<0.8.15 | |
| Debian | =4.0 | |
| Debian | =5.0 | |
| Debian | =6.0 | |
| Fedora | =10 | |
| Fedora | =11 | |
| Fedora | =12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://nginx.net/CHANGES-0.6
- http://nginx.net/CHANGES-0.7
- http://www.debian.org/security/2009/dsa-1884
- http://nginx.net/CHANGES-0.5
- http://www.kb.cert.org/vuls/id/180065
- http://sysoev.ru/nginx/patch.180065.txt
- http://nginx.net/CHANGES
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
Frequently Asked Questions
What is the severity of CVE-2009-2629?
CVE-2009-2629 has a high severity due to the potential for remote attackers to execute arbitrary code.
How do I fix CVE-2009-2629?
To fix CVE-2009-2629, update nginx to versions 0.6.39, 0.7.62, 0.8.15 or later.
Which versions of nginx are affected by CVE-2009-2629?
CVE-2009-2629 affects nginx versions from 0.1.0 to 0.5.37, and several versions in the 0.6.x, 0.7.x, and 0.8.x series prior to specified patches.
Can CVE-2009-2629 be exploited remotely?
Yes, CVE-2009-2629 can be exploited remotely through crafted HTTP requests.
What type of vulnerability is CVE-2009-2629?
CVE-2009-2629 is a buffer underflow vulnerability.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/f5
- canonical/nginx
- version/nginx/0.1.0
- version/nginx/0.6.0
- version/nginx/0.7.0
- version/nginx/0.8.0
- vendor/debian
- canonical/debian
- version/debian/4.0
- version/debian/5.0
- version/debian/6.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/10
- version/fedora/11
- version/fedora/12