Candidate: CVE-2011-4963
PublicDate: 2012-07-26 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4963
 http://nginx.org/en/security_advisories.html
 http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html
 http://english.securitylab.ru/lab/PT-2012-06
Description:
 nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote
 attackers to bypass intended access restrictions and access restricted
 files via (1) a trailing . (dot) or (2) certain "$index_allocation"
 sequences in a request.
Ubuntu-Description:
Notes:
 tyhicks> Only affects nginx on Windows
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS: 

Patches_nginx:
upstream_nginx: not-affected
hardy_nginx: not-affected
lucid_nginx: not-affected
natty_nginx: not-affected
oneiric_nginx: not-affected
precise_nginx: not-affected
devel_nginx: not-affected (Windows only)