CVE-2009-3896

nginx 0.1.0-0.4.14 0.5.x<0.5.38 0.6.x<0.6.39 0.7.x<0.7.62 0.8.x<0.8.14 - Denial of Service via Long URI

Title source: llm
STIX 2.1

Description

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

References (15)

Core 15
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1920
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36839
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/23/10
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48577
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/20/6
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/20/1
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201203-22.xml
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=nginx&m=125692080328141&w=2

Scores

EPSS 0.0251
EPSS Percentile 85.6%

Details

CWE
CWE-119
Status published
Products (50)
f5/nginx 0.1.0
f5/nginx 0.1.1
f5/nginx 0.1.2
f5/nginx 0.1.3
f5/nginx 0.1.4
f5/nginx 0.1.5
f5/nginx 0.1.6
f5/nginx 0.1.7
f5/nginx 0.1.8
f5/nginx 0.1.9
... and 40 more
Published Nov 24, 2009
Tracked Since Feb 18, 2026