Nginx security vulnerability (CVE-2013-4547) - vulnerability warning - the black bar safety net

2013-11-22T00:00:00
ID MYHACK58:62201341260
Type myhack58
Reporter Anonymous
Modified 2013-11-22T00:00:00

Description

Nginx security restrictions might be ignored for some requests. For example, when access to a URL is restricted as shown below, the restriction may not take effect if an attacker uses an unescaped space character in the request, which is invalid under the HTTP protocol but has been supported since nginx 0.8.41 for compatibility reasons:

    location /protected/ { deny all; }

This happens when the request is for a URL such as "/foo /../protected/file" (a static file, where foo is followed by a trailing space). The same applies to the following configuration:

    location ~ \.php$ { fastcgi_pass ... }

A request for "/file \0.php" will bypass this restriction.

The problem affects nginx 0.8.41 – 1.5.6.

The problem is fixed in nginx 1.5.7 and 1.4.4.

The patch is available at:

http://nginx.org/download/patch.2013.space.txt

A temporary workaround in the configuration is:

    if ($request_uri ~ " ") { return 444; }
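
The workaround above rejects any request whose raw URI contains a literal space, and the same condition can be checked over existing access logs to find such requests. The following is an added example, not part of the original advisory; it assumes nginx's default "combined" log format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re

# Assumption: default "combined" log format, where the first quoted field
# is "$request", i.e. "<METHOD> <raw URI> <PROTOCOL>".
REQUEST_FIELD = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Anchor on the method at the start and the protocol at the end, so any
# space left in the middle belongs to the URI itself.
REQUEST_LINE = re.compile(r'^([A-Z]+) (.*) (HTTP/\d\.\d)$')


def uri_from_log_line(line):
    """Return the raw request URI from one access log line, or None."""
    field = REQUEST_FIELD.search(line)
    if not field:
        return None
    request = REQUEST_LINE.match(field.group(1))
    return request.group(2) if request else None


def has_unescaped_space(line):
    """Same condition as the workaround: the raw URI contains a literal space."""
    uri = uri_from_log_line(line)
    return uri is not None and " " in uri


def flag_lines(lines):
    """Return the log lines whose request URI contains an unescaped space."""
    return [line for line in lines if has_unescaped_space(line)]


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Nov/2013:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "-"',
    '203.0.113.5 - - [22/Nov/2013:10:00:02 +0000] "GET /foo /../protected/file HTTP/1.1" 200 120 "-" "-"',
    '203.0.113.5 - - [22/Nov/2013:10:00:03 +0000] "GET /file \\x00.php HTTP/1.1" 200 88 "-" "-"',
    '203.0.113.5 - - [22/Nov/2013:10:00:04 +0000] "GET /a%20b.html HTTP/1.1" 200 40 "-" "-"',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print(hit)
```

A properly encoded space (%20) is not flagged, because the check looks only for a literal space in the raw URI.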