CVE-2010-2263 Information

Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66 when running on Windows allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Reference

http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html http://www.exploit-db.com/exploits/13818 http://www.exploit-db.com/exploits/13822 http://www.securityfocus.com/bid/40760