Vulnerability Details : CVE-2013-2028
Public exploit exists!
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-2028
Probability of exploitation activity in the next 30 days: 11.66%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
Metasploit modules for CVE-2013-2028
- Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
  Disclosure Date: 2013-05-07
  First seen: 2020-04-26
  exploit/linux/http/nginx_chunked_size
  This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining t
CVSS scores for CVE-2013-2028
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2013-2028
- The product writes data past the end, or before the beginning, of the intended buffer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2028
- http://security.gentoo.org/glsa/glsa-201310-04.xml
  nginx: Multiple vulnerabilities (GLSA 201310-04) — Gentoo security (Third Party Advisory)
- http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/
  Page not found · GitHub Pages (Broken Link)
- https://github.com/rapid7/metasploit-framework/pull/1834
  Exploit module for nginx chunked stack buffer overflow. by hal3002 · Pull Request #1834 · rapid7/metasploit-framework · GitHub (Patch; Third Party Advisory)
- http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
  [nginx-announce] nginx security advisory (CVE-2013-2028) (Mitigation; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/59699
  nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html
  Nginx 1.3.9 / 1.4.0 Denial Of Service ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://nginx.org/download/patch.2013.chunked.txt
  (Patch; Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html
  [SECURITY] Fedora 19 Update: nginx-1.4.1-1.fc19 (Third Party Advisory)
Products affected by CVE-2013-2028
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*