Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4547

CWE-11610 documents7 sources
Severity
7.5HIGH
EPSS
90.9%
top 0.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
F5 NginxOpensuse OpensuseSuse Lifecycle Management Server+2 more
Timeline
PublishedNov 23
Latest updateMay 13

Description

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

NVDf5/nginx0.8.411.4.4+1
Debiannginx< 1.4.4-1+3
NVDsuse/webyast1.3
NVDopensuse/opensuse4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-9x2q-qf8w-h347: nginx 02022-05-13
OSV
CVE-2013-4547: nginx 02013-11-23
CVEList
CVE-2013-4547: nginx 02013-11-23

💥Exploits & PoCs

1
Exploit-DB
Nginx 1.1.17 - URI Processing SecURIty Bypass2013-11-19

📋Vendor Advisories

1
Debian
CVE-2013-4547: nginx - nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to byp...2013

💬Community

4
Bugzilla
CVE-2013-4547 nginx: security restriction bypass flaw due to whitespace parsing [fedora-all]2013-11-19
Bugzilla
CVE-2013-4547 nginx: security restriction bypass flaw due to whitespace parsing [epel-6]2013-11-19
Bugzilla
CVE-2013-4547 nginx: security restriction bypass flaw due to whitespace parsing2013-11-19
Bugzilla
CVE-2013-4547 nginx: security restriction bypass flaw due to whitespace parsing [epel-5]2013-11-19
CVE-2013-4547 (HIGH CVSS 7.5) | nginx 0.8.41 through 1.4.3 and 1.5. | cvebase.io