Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Published

2013-11-23T18:55:04.687

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-116

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	nginx	< 1.4.4	Yes
Application	f5	nginx	≤ 1.5.6	Yes
Application	suse	lifecycle_management_server	1.3	Yes
Application	suse	studio_onsite	1.3	Yes
Application	suse	webyast	1.3	Yes
Operating System	opensuse	opensuse	11.4	Yes
Operating System	opensuse	opensuse	12.2	Yes
Operating System	opensuse	opensuse	12.3	Yes
Operating System	opensuse	opensuse	13.1	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html Mailing List, Third Party Advisory ([email protected])
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html Mitigation, Vendor Advisory ([email protected])
http://secunia.com/advisories/55757 Third Party Advisory ([email protected])
http://secunia.com/advisories/55822 Third Party Advisory ([email protected])
http://secunia.com/advisories/55825 Third Party Advisory ([email protected])
http://www.debian.org/security/2012/dsa-2802 Broken Link ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/55757 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/55822 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/55825 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2802 Broken Link (af854a3a-2127-422b-91ae-364da2661108)