CVE-2010-2263: Infoleak
First published: Mon Jun 14 2010(Updated: )
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nginx | >=0.7.52<0.7.66 | |
| Nginx | >=0.8.0<=0.8.39 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2263?
CVE-2010-2263 is ranked as a medium severity vulnerability due to its potential to expose sensitive source code to remote attackers.
How do I fix CVE-2010-2263?
To fix CVE-2010-2263, upgrade to nginx versions 0.8.40 or later, or 0.7.66 or later, which include patches to address this vulnerability.
Who is affected by CVE-2010-2263?
CVE-2010-2263 affects nginx versions prior to 0.8.40 and 0.7.66 when running on Windows platforms.
What does CVE-2010-2263 exploit?
CVE-2010-2263 exploits a flaw in nginx that allows remote attackers to access source code or unparsed content of files by appending ::$DATA to the URI.
Can I mitigate CVE-2010-2263 without updating?
Mitigating CVE-2010-2263 without updating may be challenging; it is recommended to restrict access to the web document root to limit exposure.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/nginx
- version/nginx/0.7.52
- version/nginx/0.8.0
- version/nginx/0.8.39
- vendor/microsoft
- canonical/microsoft windows