Denial of Service Vulnerability in nginx by Failsafe Digital Technologies
CVE-2009-3896

Currently unrated

Key Information:

Vendor: Nginx
Status: Nginx
Vendor: CVE Published:; 24 November 2009

What is CVE-2009-3896?

A vulnerability in nginx (also known as Engine X) affects versions 0.1.0 through 0.4.14, as well as select versions in the 0.5.x to 0.8.x series. This flaw allows remote attackers to exploit a null pointer dereference by sending specially crafted long URIs. If successful, this can lead to a crash of the worker process, resulting in a denial of service. It is crucial for users of affected nginx versions to apply the necessary patches to mitigate this risk.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035

x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://www.securityfocus.com/bid/36839

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 24, 2009
Vulnerability Reserved
Nov 5, 2009

Nginx

What is CVE-2009-3896?

References

Timeline