|
|||
Release Date:03/20/2012
Attack Name:Ngnix null bytes remote 0day vulnerable
Severity:
BUG ID:
CVE ID:
Description:
|
Nginx processes null byte (%00) in an inconsistent way with FastCGI in the backend. Attackers can embed PHP code in a picture, and then execute the embedded code by visiting xxx.jpg%00.php.
Impact:
Solution:
|
No patch or update is available. Please pay close attention to the vendor’s homepage to obtain the latest version.