Nginx Restriction Bypass via Space Character in URI
Impact: High
Description
A vulnerability in Nginx allows attackers to bypass security restrictions in specific configurations by exploiting a flaw in request URI processing. When an unescaped space character is followed by certain characters, some security checks on the request URI may be bypassed.
Recommendation
To mitigate this vulnerability, upgrade Nginx to the latest version. As a temporary workaround, apply the following configuration within each server{}
block:
if ($request_uri ~ " ") {
return 444;
}
This configuration prevents requests containing spaces from being processed.
References
- CVE-2013-4547
- CVE-2013-4547 - Nginx Space Character Bypass Vulnerability
- CWE-20
- Mitigating Nginx Vulnerabilities
- Nginx
- nginx security advisory
- OWASP 2021-A6
👉 You might also like:
Nginx Null Byte Code Execution - CVE-2013-2028
Apache 2.4.49 Path Traversal and RCE - CVE-2021-41773, CVE-2021-42013
Apache mod_jk Access Control Bypass - CVE-2018-11759
Apache Struts 2 Forced double OGNL evaluation S2-059 - CVE-2019-0230
Last updated on May 13, 2024