luky-37 at hotmail.com
Sat May 10 19:45:14 UTC 2014
> I just saw something strange on
> "An error log data are not sanitized
> Severity: none
> Not vulnerable: none
> Vulnerable: all"
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
Afaik the nginx developers didn't agree with this CVE advisory, because its
actually a terminal problem. Nginx cannot be exploited, but the user when
looking at the log files can.
Read the advisory for details .
More information about the nginx