{"vuid":"VU#180065","idnumber":"180065","name":"Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability","keywords":[""],"overview":"A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system.","clean_desc":"nginx is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the ngx_http_parse_complex_uri() function when handling specially crafted URIs. Exploitation of this vulnerability would cause the nginx server to write data contained in the URI to heap memory before the allocated buffer.","impact":"As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service.","resolution":"Upgrade or apply a patch Updated versions of the nginx package have been released to address this issue. Users should consult the Systems Affected section of this document for information about specific vendors.","workarounds":"","sysaffected":"","thanks":"Thanks to Chris Ries of the Carnegie Mellon University Information Security Office for reporting this vulnerability.","author":"This document was written by Chad R Dougherty.","public":[],"cveids":["CVE-2009-2629"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-08-27T12:09:06Z","publicdate":"2009-09-14T00:00:00Z","datefirstpublished":"2009-09-15T18:17:45Z","dateupdated":"2009-09-21T19:50:09Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"18","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.21875","cam_scorecurrentwidelyknown":"5.0625","cam_scorecurrentwidelyknownexploited":"8.4375","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":4.21875,"vulnote":null}