Nginx Restriction Bypass via Space Character in URI
Impact: High
Description
A bug in Nginx allows an attacker to bypass security restrictions in certain configurations by using a specially crafted request. Some checks on a request URI are not executed on a character following an unescaped space character.
Recommendation
Upgrade the Nginx.
As a temporary workaround the following configuration can be used in each server{}
block.
if ($request_uri ~ " ") {
return 444;
}
References
👉 You might also like:
Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner
WordPress Plugin LeagueManager 3.8 SQLI - CVE-2013-1852
Nginx Integer Overflow - CVE-2017-7529
Apache mod_jk Access Control Bypass - CVE-2018-11759
Last updated on October 10, 2021