Exploit for #VU42707 Stack-based buffer overflow in nginx

Published: 2020-08-11 | Updated: 2020-12-23

Vulnerability identifier: #VU42707

Vulnerability risk: Medium

CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C]

CVE-ID: CVE-2013-2028

CWE-ID: CWE-121

Exploitation vector: Network

Exploits in database: 7

December 23, 2020
- CVE-2013-2028-Exploit (CVE-2013-2028 python exploit) [Github]
August 21, 2020
- nginxpwn (Exploitation Training -- CVE-2013-2028: Nginx Stack Based Buffer Overflow) [Github]
August 11, 2020
- Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC) [Exploit-DB]
- Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit) [Exploit-DB]
- Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit [Exploit-DB]
- Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit [Exploit-DB]
- Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow [Metasploit]

Impact: Information disclosure and data manipulation

Vulnerable software:
nginx
Server applications / Web servers

Vendor: NGINX