nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
References
Link | Resource |
---|---|
http://english.securitylab.ru/lab/PT-2012-06 | Mitigation Third Party Advisory |
http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html | Mitigation Vendor Advisory |
http://nginx.org/en/security_advisories.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-10-03T16:15:13
Updated: 2022-10-03T16:15:13
Reserved: 2022-10-03T00:00:00
Link: CVE-2011-4963
JSON object: View
NVD Information
Status : Analyzed
Published: 2012-07-26T19:55:00.980
Modified: 2021-11-10T15:57:01.703
Link: CVE-2011-4963
JSON object: View
Redhat Information
No data.
CWE