Exploit for #VU42707 Stack-based buffer overflow in nginx

Published: 2020-08-11 | Updated: 2020-12-23

Vulnerability identifier: #VU42707

Vulnerability risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2013-2028

CWE-ID: CWE-121

Exploitation vector: Network

Exploits in database: 7

December 23, 2020
- CVE-2013-2028-Exploit (CVE-2013-2028 python exploit) [Github]
August 21, 2020
- nginxpwn (Exploitation Training -- CVE-2013-2028: Nginx Stack Based Buffer Overflow) [Github]
August 11, 2020
- Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC) [Exploit-DB]
- Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit) [Exploit-DB]
- Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit [Exploit-DB]
- Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit [Exploit-DB]
- Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow [Metasploit]

Vulnerable software:
nginx
Server applications / Web servers

Vendor: NGINX