Short Name |
HTTP:MISC:NGINX-CHUNK-TRANS-DOS
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Nginx Chunked Transfer Parsing Denial of Service
|
Release Date |
2013/08/07
|
Update Number |
2288
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Nginx Chunked Transfer Parsing Denial of Service
This signature detects attempts to exploit a known flaw in Nginx. A successful attack can result in a denial-of-service condition.
Extended Description
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
Affected Products
- Igor_sysoev nginx 1.1.10
- Igor_sysoev nginx 1.1.11
- Igor_sysoev nginx 1.1.12
- Igor_sysoev nginx 1.1.13
- Igor_sysoev nginx 1.1.15
- Igor_sysoev nginx 1.1.16
- Igor_sysoev nginx 1.1.17
- Igor_sysoev nginx 1.1.18
- Igor_sysoev nginx 1.1.19
- Igor_sysoev nginx 1.1.4
- Igor_sysoev nginx 1.1.6
- Igor_sysoev nginx 1.1.7
- Igor_sysoev nginx 1.1.8
- Igor_sysoev nginx 1.1.9
- Igor_sysoev nginx 1.2.0
- Igor_sysoev nginx 1.2.1
- Igor_sysoev nginx 1.2.2
- Igor_sysoev nginx 1.2.3
- Igor_sysoev nginx 1.2.4
- Igor_sysoev nginx 1.2.5
- Igor_sysoev nginx 1.2.6
- Igor_sysoev nginx 1.2.7
- Igor_sysoev nginx 1.2.8
- Igor_sysoev nginx 1.3.0
- Igor_sysoev nginx 1.3.1
- Igor_sysoev nginx 1.3.10
- Igor_sysoev nginx 1.3.11
- Igor_sysoev nginx 1.3.12
- Igor_sysoev nginx 1.3.13
- Igor_sysoev nginx 1.3.14
- Igor_sysoev nginx 1.3.15
- Igor_sysoev nginx 1.3.16
- Igor_sysoev nginx 1.3.2
- Igor_sysoev nginx 1.3.3
- Igor_sysoev nginx 1.3.4
- Igor_sysoev nginx 1.3.5
- Igor_sysoev nginx 1.3.6
- Igor_sysoev nginx 1.3.7
- Igor_sysoev nginx 1.3.8
- Igor_sysoev nginx 1.3.9
- Igor_sysoev nginx 1.4.0
References