Credit: Greg MacManus
Not to be outdone by Asterisk, nginx wanted to overflow with HTTP headers too. And if one overflow was not enough, a second exploitable variant was found and patched shortly after the first.
(CVE-2013-2028 and CVE-2013-2070)
recognize both excellence and incompetence in the field of information security