Vulnerability Description
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx | >= 0.7.52, < 1.2.1 |
| Microsoft | Windows | - |
References
- http://english.securitylab.ru/lab/PT-2012-06 (Mitigation, Third Party Advisory)
- http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html (Mitigation, Vendor Advisory)
- http://nginx.org/en/security_advisories.html (Vendor Advisory)
FAQ
What is CVE-2011-4963?
CVE-2011-4963 is a vulnerability with a CVSS score of 5.0 (MEDIUM). nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_all...
How severe is CVE-2011-4963?
CVE-2011-4963 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-4963?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx, Microsoft Windows.