CVE-2013-2028

Scores

EPSS

0.923High92.3%

0%20%40%60%80%100%

Percentile: 92.3%

CVSS

7.5High2.0

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdubuntu

CWEs

CWE-787

Exploits

Exploit ID: 25499

Source: exploitdb

URL: https://www.exploit-db.com/exploits/25499

Exploit ID: 25775

Source: exploitdb

URL: https://www.exploit-db.com/exploits/25775

Exploit ID: 26737

Source: exploitdb

URL: https://www.exploit-db.com/exploits/26737

Exploit ID: 32277

Source: exploitdb

URL: https://www.exploit-db.com/exploits/32277

Exploit ID: CVE-2013-2028

Source: github-poc

URL: https://github.com/xiw1ll/CVE-2013-2028_Checker

Recommendations

Source: nvd

All nginx users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=www-servers/nginx-1.4.1-r2”

URL: http://security.gentoo.org/glsa/glsa-201310-04.xml

Vulnerable Software (4)

Type: Configuration

Product: nginx

Operating System: ubuntu hardy 8.04

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: nginx

Operating System: debian

Trait:

{
  "unaffected": true
}

Source: debian

Type: Configuration

Vendor: f5

Product: nginx

Operating System: * * *

Trait:

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "1.4.0",
      "versionStartIncluding": "1.3.9",
      "vulnerable": true
    }
  ],
  "op...

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "1.4.0",
      "versionStartIncluding": "1.3.9",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Configuration

Vendor: fedoraproject

Product: fedora

Operating System: * * *

Trait:

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2013-2028

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Recommendations

Vulnerable Software (4)