VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
epss	0.93039	https://api.first.org/data/v1/epss?cve=CVE-2013-2028
epss	0.93137	https://api.first.org/data/v1/epss?cve=CVE-2013-2028
epss	0.93137	https://api.first.org/data/v1/epss?cve=CVE-2013-2028
epss	0.93137	https://api.first.org/data/v1/epss?cve=CVE-2013-2028
epss	0.93137	https://api.first.org/data/v1/epss?cve=CVE-2013-2028
cvssv2	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2013-2028

System

Score

Found at

epss

0.93039

https://api.first.org/data/v1/epss?cve=CVE-2013-2028

epss

0.93137

https://api.first.org/data/v1/epss?cve=CVE-2013-2028

epss

0.93137

https://api.first.org/data/v1/epss?cve=CVE-2013-2028

epss

0.93137

https://api.first.org/data/v1/epss?cve=CVE-2013-2028

epss

0.93137

https://api.first.org/data/v1/epss?cve=CVE-2013-2028

cvssv2

7.5

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

cvssv2

7.5

https://nvd.nist.gov/vuln/detail/CVE-2013-2028

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html
		http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
		http://nginx.org/download/patch.2013.chunked.txt
		http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html
		https://api.first.org/data/v1/epss?cve=CVE-2013-2028
		http://secunia.com/advisories/55181
		http://security.gentoo.org/glsa/glsa-201310-04.xml
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/rapid7/metasploit-framework/pull/1834
		https://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
		https://nginx.org/download/patch.2013.chunked.txt
		https://nginx.org/download/patch.2013.chunked.txt.asc
		http://www.osvdb.org/93037
		http://www.securityfocus.com/bid/59699
		http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/
cpe:2.3:a:f5:nginx::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx::::::::
cpe:2.3:o:fedoraproject:fedora:19:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:::::::*
CVE-2013-2028	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86-64/remote/32277.txt
CVE-2013-2028		https://nvd.nist.gov/vuln/detail/CVE-2013-2028
CVE-2013-2028;OSVDB-93037	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/25499.py
CVE-2013-2028;OSVDB-93037	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25775.rb
CVE-2013-2028;OSVDB-93037	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86/remote/26737.pl
GLSA-201310-04		https://security.gentoo.org/glsa/201310-04

Reference id

Reference type

URL

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html

http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

http://nginx.org/download/patch.2013.chunked.txt

http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html

https://api.first.org/data/v1/epss?cve=CVE-2013-2028

http://secunia.com/advisories/55181

http://security.gentoo.org/glsa/glsa-201310-04.xml

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://github.com/rapid7/metasploit-framework/pull/1834

https://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

https://nginx.org/download/patch.2013.chunked.txt

https://nginx.org/download/patch.2013.chunked.txt.asc

http://www.osvdb.org/93037

http://www.securityfocus.com/bid/59699

http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/

cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

CVE-2013-2028

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86-64/remote/32277.txt

CVE-2013-2028

https://nvd.nist.gov/vuln/detail/CVE-2013-2028

CVE-2013-2028;OSVDB-93037

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/25499.py

CVE-2013-2028;OSVDB-93037

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25775.rb

CVE-2013-2028;OSVDB-93037

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86/remote/26737.pl

GLSA-201310-04

https://security.gentoo.org/glsa/201310-04

Data source	Exploit-DB
Date added	March 20, 2014
Description	Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Ransomware campaign use	Unknown
Source publication date	March 15, 2014
Exploit type	remote
Platform	linux_x86-64
Source update date	Nov. 22, 2017

Exploit-DB

March 20, 2014

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Unknown

March 15, 2014

remote

linux_x86-64

Nov. 22, 2017

Data source	Metasploit
Description	This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	May 7, 2013
Platform	Unix
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/nginx_chunked_size.rb

Metasploit

This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible.

Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects

Unknown

May 7, 2013

Unix

https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/nginx_chunked_size.rb

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:31:46.010288+00:00	Nginx Importer	Import	https://nginx.org/en/security_advisories.html	38.0.0

2026-04-01T12:31:46.010288+00:00

Nginx Importer

Import

https://nginx.org/en/security_advisories.html

38.0.0

Vulnerability ID	VCID-9kx7-1dn9-dbdt
Aliases	CVE-2013-2028
Summary	Stack-based buffer overflow with specially crafted request
Status	Published
Exploitability	2.0
Weighted Severity	6.8
Risk	10.0
Affected and Fixed Packages	Package Details

Percentile	0.99787
EPSS Score	0.93039
Published At	April 13, 2026, 12:55 p.m.