CVE-2009-2629
nginx - arbitrary code execution
EPSS 78.1%
Description
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
How to fix CVE-2009-2629
To remediate CVE-2009-2629, upgrade the affected package to one of the fixed versions listed below.
- Debian/nginx: upgrade to 0.7.61-3 or later
- Debian/nginx: upgrade to 0.4.13-2+etch2 or later
Is CVE-2009-2629 being exploited?
Likely — EPSS is 78.1%, placing CVE-2009-2629 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 0.7.61-3
- from 0, < 0.4.13-2+etch2