Vulnerability in F5 Nginx
CVE-2013-4547
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
EPSS: 0.909 (99.6th percentile)
Affected products
- F5 Nginx
- openSUSE — versions 11.4, 12.2, 12.3
- SUSE Lifecycle Management Server — version 1.3
- SUSE Studio Onsite — version 1.3
- SUSE WebYaST — version 1.3
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 55757 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- SUSE-SU-2013:1895 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2013:1745 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 55825 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 55822 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- openSUSE-SU-2013:1792 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2013:1791 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- DSA-2802 (vendor-advisory, x_refsource_DEBIAN, Broken Link)
- [nginx-announce] 20131119 nginx security advisory (CVE-2013-4547) (Vendor Advisory, mailing-list, x_refsource_MLIST, Mitigation)
Frequently asked questions
- What is CVE-2013-4547?
  CVE-2013-4547 is a vulnerability in F5 Nginx, classified under Improper Encoding or Escaping of Output. Published 2013-11-23.
- Is CVE-2013-4547 known to be exploited?
  25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.