Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2266Path Traversal in F5 Nginx

CWE-22Path Traversal5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
7.3%
top 8.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
F5 Nginx
Timeline
PublishedJun 15
Latest updateMay 13

Description

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDf5/nginx0.7.520.7.67+1

🔴Vulnerability Details

2
GHSA
GHSA-9vhc-vpgr-5gxf: nginx 02022-05-13
CVEList
CVE-2010-2266: nginx 02010-06-14

💥Exploits & PoCs

1
Exploit-DB
Nginx 0.8.36 - Source Disclosure / Denial of Service2010-06-11

📋Vendor Advisories

1
Debian
CVE-2010-2266: nginx - nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via ce...2010
CVE-2010-2266 — Path Traversal in F5 Nginx | cvebase