Short Name | HTTP:NGINX-RQST-URI-SECBYPASS
Severity | High
Recommended | Yes
Recommended Action | Drop
Category | HTTP
Keywords | Nginx Request URI Verification Security Bypass
Release Date | 2014/02/18
Update Number | 2346
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
HTTP: Nginx Request URI Verification Security Bypass
This signature detects attempts to exploit a known vulnerability in Nginx. The vulnerability is caused by improper handling of unescaped space characters within URIs. A successful attack could bypass security restrictions in certain configurations.
Extended Description
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
Affected Products
- igor_sysoev nginx 0.8.41
- igor_sysoev nginx 0.8.42
- igor_sysoev nginx 0.8.43
- igor_sysoev nginx 0.8.44
- igor_sysoev nginx 0.8.45
- igor_sysoev nginx 0.8.46
- igor_sysoev nginx 0.8.47
- igor_sysoev nginx 0.8.48
- igor_sysoev nginx 0.8.49
- igor_sysoev nginx 0.8.5
- igor_sysoev nginx 0.8.50
- igor_sysoev nginx 0.8.51
- igor_sysoev nginx 0.8.52
- igor_sysoev nginx 0.8.53
- igor_sysoev nginx 0.8.6
- igor_sysoev nginx 0.8.7
- igor_sysoev nginx 0.8.8
- igor_sysoev nginx 0.8.9
- igor_sysoev nginx 0.9.0
- igor_sysoev nginx 0.9.1
- igor_sysoev nginx 0.9.2
- igor_sysoev nginx 0.9.3
- igor_sysoev nginx 0.9.4
- igor_sysoev nginx 0.9.5
- igor_sysoev nginx 0.9.6
- igor_sysoev nginx 0.9.7
- igor_sysoev nginx 1.0.0
- igor_sysoev nginx 1.0.1
- igor_sysoev nginx 1.0.10
- igor_sysoev nginx 1.0.11
- igor_sysoev nginx 1.0.12
- igor_sysoev nginx 1.0.13
- igor_sysoev nginx 1.0.14
- igor_sysoev nginx 1.0.15
- igor_sysoev nginx 1.0.2
- igor_sysoev nginx 1.0.3
- igor_sysoev nginx 1.0.4
- igor_sysoev nginx 1.0.5
- igor_sysoev nginx 1.0.6
- igor_sysoev nginx 1.0.7
- igor_sysoev nginx 1.0.8
- igor_sysoev nginx 1.0.9
- igor_sysoev nginx 1.1.0
- igor_sysoev nginx 1.1.1
- igor_sysoev nginx 1.1.10
- igor_sysoev nginx 1.1.11
- igor_sysoev nginx 1.1.12
- igor_sysoev nginx 1.1.13
- igor_sysoev nginx 1.1.14
- igor_sysoev nginx 1.1.15
- igor_sysoev nginx 1.1.16
- igor_sysoev nginx 1.1.17
- igor_sysoev nginx 1.1.18
- igor_sysoev nginx 1.1.19
- igor_sysoev nginx 1.1.2
- igor_sysoev nginx 1.1.3
- igor_sysoev nginx 1.1.4
- igor_sysoev nginx 1.1.5
- igor_sysoev nginx 1.1.6
- igor_sysoev nginx 1.1.7
- igor_sysoev nginx 1.1.8
- igor_sysoev nginx 1.1.9
- igor_sysoev nginx 1.2.0
- igor_sysoev nginx 1.3.0
- igor_sysoev nginx 1.3.1
- igor_sysoev nginx 1.3.10
- igor_sysoev nginx 1.3.11
- igor_sysoev nginx 1.3.12
- igor_sysoev nginx 1.3.13
- igor_sysoev nginx 1.3.14
- igor_sysoev nginx 1.3.15
- igor_sysoev nginx 1.3.16
- igor_sysoev nginx 1.3.2
- igor_sysoev nginx 1.3.3
- igor_sysoev nginx 1.3.4
- igor_sysoev nginx 1.3.5
- igor_sysoev nginx 1.3.6
- igor_sysoev nginx 1.3.7
- igor_sysoev nginx 1.3.8
- igor_sysoev nginx 1.3.9
- igor_sysoev nginx 1.4.0
- igor_sysoev nginx 1.4.1
- igor_sysoev nginx 1.4.2
- igor_sysoev nginx 1.4.3
- igor_sysoev nginx 1.5.0
- igor_sysoev nginx 1.5.1
- igor_sysoev nginx 1.5.2
- igor_sysoev nginx 1.5.3
- igor_sysoev nginx 1.5.4
- igor_sysoev nginx 1.5.5
- igor_sysoev nginx 1.5.6
References