Nextcloud: Known DoS condition (null pointer deref) in Nginx running

ID H1:145409
Type hackerone
Reporter shoveller
Modified 2016-07-27T20:51:19


The sub-site is running Nginx/1.10.0 which is vuln to a known issue (CVE-2016-4450) which allows a remote malformed HTTP request to cause the Nginx process to crash.

DoS testing is mentioned as not requested, but if you know of an issue give it a go ..

You can determine the version running by requesting the IP of the site and getting the HTTP 301, eg: