CVE-2013-4547
nginx - restriction bypass
EPSS 90.9%
Description
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
How to fix CVE-2013-4547
To remediate CVE-2013-4547, upgrade the affected package to one of the fixed versions listed below.
- Debian/nginx: upgrade to 1.4.4-1 or later
- Debian/nginx: upgrade to 1.2.1-2.2+wheezy2 or later
Is CVE-2013-4547 being exploited?
Likely — EPSS is 90.9%, placing CVE-2013-4547 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 1.4.4-1
- from 0, < 1.2.1-2.2+wheezy2