Rapid7 Vulnerability & Exploit Database

Nginx: Vulnerabilities with Windows file default stream (CVE-2010-2263)

Back to Search

Nginx: Vulnerabilities with Windows file default stream (CVE-2010-2263)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
06/15/2010
Created
07/25/2018
Added
01/27/2014
Modified
01/27/2014

Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Solution(s)

  • nginx-nginx-upgrade-0_7_66
  • nginx-nginx-upgrade-0_8_40

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;