CVE-2013-4547

nginx 0.8.41-1.4.3 and 1.5.x < 1.5.7 - URI Restriction Bypass via Unescaped Space Character

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-4547. PoCs published by Ivan Fratric, cyberharsh, rsp243.

AI-analyzed exploit summary: The entry describes a remote security-bypass vulnerability in nginx versions 0.8.41 through 1.5.6, where an attacker can exploit a path traversal issue (e.g., `/file \0.php`) to bypass security restrictions. The technical details are minimal but reference a known vulnerability (CVE-2013-4547) with a specific exploit vector.

Description

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Ivan Fratric · text · remote · multiple
https://www.exploit-db.com/exploits/38846

Classification: Writeup 80%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: nginx 0.8.41 through 1.5.6
No auth needed
Prerequisites: Access to the target nginx server
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 3 stars
by cyberharsh · poc
https://github.com/cyberharsh/Nginx-CVE-2013-4547

This repository demonstrates CVE-2013-4547, a file parsing vulnerability in Nginx that allows bypassing file extension restrictions and accessing restricted paths by exploiting incorrect URI parsing. The PoC includes a Docker-based test environment and an upload page to showcase the vulnerability.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Nginx 0.8.41 ~ 1.4.3 / 1.5.0 ~ 1.5.7
No auth needed
Prerequisites: Nginx with vulnerable version · FastCGI configuration · Ability to upload files with trailing spaces
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP
by rsp243 · poc
https://github.com/rsp243/fix_nginx_CVE-2013-4547_IB

This repository contains a README file referencing a fix for CVE-2013-4547, a vulnerability in Nginx. No exploit code or detailed technical analysis is provided.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Nginx (version not specified)
No auth needed
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55757
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55825
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55822
Broken Link vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2802
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html
Mitigation, Vendor Advisory mailing-list x_refsource_mlist
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html

Scores

EPSS 0.6772
EPSS Percentile 99.2%

Details

CWE: CWE-116
Status: published
Products (8)
f5/nginx 0.8.41 - 1.4.4
opensuse/opensuse 11.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
opensuse/opensuse 13.1
suse/lifecycle_management_server 1.3
suse/studio_onsite 1.3
suse/webyast 1.3
Published Nov 23, 2013
Tracked Since Feb 18, 2026