Maxim Dounin
[nginx-announce] security advisory
June 05, 2012 10:34AM
Hello!

Vladimir Kochetkov, Positive Research Center, discovered a
security problem in nginx/Windows, which might allow security
restrictions bypass (CVE-2011-4963).

There are many ways to access the same file when working under
Windows, and nginx failed to account for all of them. As a
result, it was possible to bypass security restrictions like

location /directory/ {
deny all;
}

by requesting a file as "/directory::$index_allocation/file", or
"/directory:$i30:$index_allocation/file", or "/directory./file".

The problem is fixed in nginx/Windows 1.3.1, 1.2.1.

For older versions the following configuration can be used as a
workaround:

location ~ "(\./|:\$)" {
deny all;
}

Maxim Dounin

_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 129
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready