CVE-2011-4963
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/07/2012
Last modified: 11/04/2025
Description
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* | 0.7.52 (including) | 1.2.1 (excluding) |
| cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://english.securitylab.ru/lab/PT-2012-06
- http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html
- http://nginx.org/en/security_advisories.html



