Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2010-2263

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Published: Jun 15, 2010
Updated: Nov 9, 2025
CVE: CVE-2010-2263
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
f5 / nginx	0.7.52	0.7.66
f5 / nginx	0.8.0	0.8.39.x

http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html
http://www.exploit-db.com/exploits/13818
http://www.exploit-db.com/exploits/13822
http://www.securityfocus.com/bid/40760

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo