Nginx Restriction Bypass via Space Character in URI

Severity:: High

Description

A vulnerability in Nginx allows attackers to bypass security restrictions in specific configurations by exploiting a flaw in request URI processing. When an unescaped space character is followed by certain characters, some security checks on the request URI may be bypassed.

Recommendation

To mitigate this vulnerability, upgrade Nginx to the latest version. As a temporary workaround, apply the following configuration within each server{} block:

  if ($request_uri ~ " ") {
      return 444;
  }

This configuration prevents requests containing spaces from being processed.

References

nginx security advisory
Mitigating Nginx Vulnerabilities
Nginx
CVE-2013-4547
CWE-20
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Nginx Code Execution due to Misconfiguration - Vulnerability
Nginx Integer Overflow - CVE-2017-7529
Nginx Null Byte Code Execution - CVE-2013-2028
Nginx Version Disclosure - Vulnerability

Tags:: Nginx; Security Bypass; Request Processing

Anything's wrong? Let us know Last updated on May 13, 2024