No statement is currently available from the vendor regarding this vulnerability.
The author of nginx has published the following updated versions of the software to address this issue: Development version: nginx-0.8.15, nginx/Windows-0.8.15, change log
Stable version: nginx-0.7.62, nginx/Windows-0.7.62, change log
Legacy stable version: nginx-0.6.39, change log
Legacy version: nginx-0.5.38, change log
Users of nginx from the original distribution are encouraged to upgrade to one of these versions (or newer, as appropriate). The author has also published a standalone patch to address this issue.
Notified: September 05, 2009 Updated: September 09, 2009
Statement Date: September 08, 2009
Sun Products are not vulnerable, since nginx is not included in any supported Sun product offering. A vulnerable version of nginx is available as an unsupported component of WebStack project, which will be updated to fix this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.