Lucene search
K

91 matches found

CNVD
CNVD
added 2018/04/03 12:0 a.m.4 views

OpenResty Access Restriction Bypass Vulnerability

OpenResty is a high-performance Web platform based on Nginx and Lua , its internal integration of a large number of sophisticated Lua libraries , third-party modules and most of the dependencies . An access restriction bypass vulnerability exists in OpenResty versions prior to 1.13.6.1. The...

9.8CVSS6.9AI score0.13683EPSS
Exploits1References1
Prion
Prion
added 2018/04/02 6:29 p.m.14 views

Design/Logic Flaw

DISPUTED In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application...

7.5CVSS9.4AI score0.13683EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/04/02 6:29 p.m.24 views

CVE-2018-9230

In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...

9.8CVSS9.5AI score0.13683EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2018/04/02 6:29 p.m.4 views

CVE-2018-9230

In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...

9.8CVSS5.7AI score0.13683EPSS
Exploits1References3
OSV
OSV
added 2018/04/02 6:29 p.m.10 views

CVE-2018-9230

In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...

9.8CVSS9.4AI score
Exploits0References2
Cvelist
Cvelist
added 2018/04/02 6:0 p.m.21 views

CVE-2018-9230

In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...

9.5AI score0.13683EPSS
Exploits1References2
CVE
CVE
added 2018/04/02 6:0 p.m.84 views

CVE-2018-9230

OpenResty

9.8CVSS9.4AI score0.13683EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2018/04/02 12:0 a.m.7 views

PT-2018-18916 · Openresty · Openresty

Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.13.6.1 and earlier Description: The issue arises from how OpenResty obtains URI parameters using the ngx.req.get uri args and ngx.req.get post args functions, which ignore parameters beyond the hundredth one. This might...

9.8CVSS7.4AI score0.13683EPSS
Exploits1References5
CNVD
CNVD
added 2018/04/01 12:0 a.m.3 views

Parameter overflow vulnerability in OpenResty uri

OpenResty® is a high-performance web platform based on Nginx and Lua, with a large number of well-integrated Lua libraries, third-party modules, and most dependencies. A parameter overflow vulnerability exists in OpenResty uri. The vulnerability stems from the program's inability to properly fetc...

7.1AI score
Exploits0
Gitee
Gitee
added 2017/05/29 10:42 a.m.8 views

lua-resty-waf

It is an offensive tool for web application firewalls WAFs. The repository, huangjacky/lua-resty-waf, contains a high-performance WAF built on the OpenResty stack. The tool is designed to protect against various types of attacks, including HTTP violations, HTTP anomalies, SQL injection, and gener...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2016/07/06 4:17 a.m.62 views

Uber: Server version disclosure

Hi uber, maybe this is a low risk but i want to report that the nginx and openresty server version are being disclosed. For openresty: Accessing this url: https://chef.uberinternal.com/ will give you an error "502 Bad Gateway" but you can see on the page that the server version was disclose...

0.1AI score
Exploits0
Rows per page
Query Builder