91 matches found
OpenResty Access Restriction Bypass Vulnerability
OpenResty is a high-performance Web platform based on Nginx and Lua , its internal integration of a large number of sophisticated Lua libraries , third-party modules and most of the dependencies . An access restriction bypass vulnerability exists in OpenResty versions prior to 1.13.6.1. The...
Design/Logic Flaw
DISPUTED In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.geturiargs and ngx.req.getpostargs functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...
CVE-2018-9230
OpenResty
PT-2018-18916 · Openresty · Openresty
Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.13.6.1 and earlier Description: The issue arises from how OpenResty obtains URI parameters using the ngx.req.get uri args and ngx.req.get post args functions, which ignore parameters beyond the hundredth one. This might...
Parameter overflow vulnerability in OpenResty uri
OpenResty® is a high-performance web platform based on Nginx and Lua, with a large number of well-integrated Lua libraries, third-party modules, and most dependencies. A parameter overflow vulnerability exists in OpenResty uri. The vulnerability stems from the program's inability to properly fetc...
lua-resty-waf
It is an offensive tool for web application firewalls WAFs. The repository, huangjacky/lua-resty-waf, contains a high-performance WAF built on the OpenResty stack. The tool is designed to protect against various types of attacks, including HTTP violations, HTTP anomalies, SQL injection, and gener...
Uber: Server version disclosure
Hi uber, maybe this is a low risk but i want to report that the nginx and openresty server version are being disclosed. For openresty: Accessing this url: https://chef.uberinternal.com/ will give you an error "502 Bad Gateway" but you can see on the page that the server version was disclose...