Vendor
Nginx
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7529 | Hig | 0.56 | 7.5 | 0.92 | Jul 13, 2017 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | |
| CVE-2009-3898 | 0.03 | — | 0.01 | Nov 24, 2009 | Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | ||
| CVE-2011-4968 | 0.00 | — | 0.00 | Nov 19, 2019 | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | ||
| CVE-2009-3896 | 0.00 | — | 0.03 | Nov 24, 2009 | src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. |