Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2263Sensitive Information Exposure in F5 Nginx

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
44.2%
top 2.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
F5 Nginx
Timeline
PublishedJun 15
Latest updateMay 13

Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDf5/nginx0.7.520.7.66+1

🔴Vulnerability Details

2
GHSA
GHSA-2rq5-xfv5-vq54: nginx 02022-05-13
CVEList
CVE-2010-2263: nginx 02010-06-14

💥Exploits & PoCs

2
Exploit-DB
Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download2010-06-11
Exploit-DB
Nginx 0.8.36 - Source Disclosure / Denial of Service2010-06-11

📋Vendor Advisories

1
Debian
CVE-2010-2263: nginx - nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows r...2010
CVE-2010-2263 — Sensitive Information Exposure in F5 | cvebase