Welcome! Log In Create A New Profile

Advanced

Re: Shellshock protection using nginx ?

mex
September 26, 2014 05:16AM
hi pekka,


since the attack, esp. against CGI, is possible through (custom) headers/cookies etc
you'd need some waf-functionalities (afaik)

naxsi, an nginx-based waf, has a signature for this since wednesday

MainRule "str:() {" "msg:Possible Remote code execution through Bash CVE-2014-6271" "mz:BODY|HEADERS" "s:$ATTACK:8" id:42000393 ;



http://blog.dorvakt.org/2014/09/ruleset-update-possible-remote-code.html
Subject Author Posted

Shellshock protection using nginx ?

Anonymous User September 26, 2014 04:02AM

Re: Shellshock protection using nginx ?

itpp2012 September 26, 2014 05:14AM

Re: Shellshock protection using nginx ?

mex September 26, 2014 05:23AM

Re: Shellshock protection using nginx ?

mex September 26, 2014 05:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 197
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready