CVE-2012-3380
Published: 31 August 2012
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
Notes
Author | Note |
---|---|
tyhicks | Per Debian, naxsi package was introduced in 1.1.18-1 |
mdeslaur | precise and earlier don't ship naxsi-ui in any binary package, which is the vulnerable part. |
Priority
Status
Package | Release | Status |
---|---|---|
nginx Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
(1.0.5-1ubuntu0.1)
|
|
precise |
Not vulnerable
(1.1.19-1)
|
|
upstream |
Released
(1.2.1-2)
|
|
Patches: upstream: https://code.google.com/p/naxsi/source/detail?r=307 |