CVE-2010-2266

nginx 0.7.52-0.7.67 - Denial of Service via Encoded Directory Traversal Sequence

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2266. PoCs published by Dr_IDE.

AI-analyzed exploit summary: The exploit demonstrates two vulnerabilities in nginx 0.8.36 on Windows: remote source disclosure via ADS (Alternate Data Stream) and remote DoS with memory corruption via encoded directory traversal. The PoC provides specific URLs to trigger these issues.

Description

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dr_IDE · text · remote · windows
https://www.exploit-db.com/exploits/13818

Classification: Working PoC 90%
Attack Type: DoS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: nginx 0.8.36 (Windows)
No auth needed
Prerequisites: Network access to the target nginx server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13818/

Scores

EPSS 0.2151
EPSS Percentile 97.3%

Details

CWE: CWE-22
Status: published
Products (1)
f5/nginx 0.7.52 - 0.7.67
Published: Jun 15, 2010
Tracked Since: Feb 18, 2026