Attack (Attack ID:302017)

Release Date03/20/2012

Attack NameNgnix null bytes remote 0day vulnerable

Severity

BUG ID

CVE ID

 

Description

Nginx processes null byte (%00) in an inconsistent way with FastCGI in the backend. Attackers can embed PHP code in a picture, and then execute the embedded code by visiting xxx.jpg%00.php.

Impact:

nginx 0.5.*
nginx 0.6.*
nginx 0.7 <= 0.7.65
nginx 0.8 <= 0.8.37

Affected Systems:
Attacker can control the target host completely.

Additional References:
http://www.wooyun.org/bugs/wooyun-2010-02730

 

Solution

No patch or update is available. Please pay close attention to the vendor’s homepage to obtain the latest version.