nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
References
| Link | Resource |
|---|---|
| http://english.securitylab.ru/lab/PT-2012-06 | Mitigation Third Party Advisory |
| http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html | Mitigation Vendor Advisory |
| http://nginx.org/en/security_advisories.html | Vendor Advisory |
| http://english.securitylab.ru/lab/PT-2012-06 | Mitigation Third Party Advisory |
| http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html | Mitigation Vendor Advisory |
| http://nginx.org/en/security_advisories.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 01:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://english.securitylab.ru/lab/PT-2012-06 - Mitigation, Third Party Advisory | |
| References | () http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html - Mitigation, Vendor Advisory | |
| References | () http://nginx.org/en/security_advisories.html - Vendor Advisory |
Information
Published : 2012-07-26 19:55
Updated : 2024-11-21 01:33
NVD link : CVE-2011-4963
Mitre link : CVE-2011-4963
CVE.ORG link : CVE-2011-4963
JSON object : View
Products Affected
f5
- nginx
microsoft
- windows
CWE