Nginx Code Execution

There is a buffer underflow error in nginx when working on secure HTTP (https). This could be exploited by an unauthenticated remote attacker to execute arbitrary code with user privileges to run the application. Nginx is a program that can be used as independent http server as a proxy server. Since it is fairly light, is used as a reverse proxy in front of some production servers (like Apache or other) to reduce the burden of these when working with many concurrent sessions. Buffer underflow occurs when writing data from the URI before allocating memory. This particular error is in the "ngx_http_parse_complex_uri ()" in "http / ngx_http_parse.c" and can be exploited by sending specially crafted data. The vulnerability can occur when, when it acts as a web server, as when he works as a proxy server.
,
The patch is available from the official site (www.nginx.net).