What is CVE-2010-2263?

CVE-2010-2263 is a vulnerability in F5 Nginx, classified under Information Disclosure. Published 2010-06-15.

Is CVE-2010-2263 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in F5 Nginx

CVE-2010-2263

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Vulnerability class: Information Disclosure

EPSS: 0.719 (99.4th percentile) — read the EPSS interpretation.

Affected products

F5 Nginx
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

rapid7/metasploit-framework

References

13818 (Exploit, VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC, Third Party Advisory, Release Notes)
13822 (Exploit, VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)
40760 (Exploit, VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2010-2263?: CVE-2010-2263 is a vulnerability in F5 Nginx, classified under Information Disclosure. Published 2010-06-15.
Is CVE-2010-2263 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.