Maxim Dounin
[nginx-announce] security advisory
June 05, 2012 10:34AM

Vladimir Kochetkov, Positive Research Center, discovered a
security problem in nginx/Windows, which might allow security
restrictions bypass (CVE-2011-4963).

There are many ways to access the same file when working under
Windows, and nginx failed to account for all of them. As a
result, it was possible to bypass security restrictions like

location /directory/ {
deny all;

by requesting a file as "/directory::$index_allocation/file", or
"/directory:$i30:$index_allocation/file", or "/directory./file".

The problem is fixed in nginx/Windows 1.3.1, 1.2.1.

For older versions the following configuration can be used as a

location ~ "(\./|:\$)" {
deny all;

Maxim Dounin

nginx-announce mailing list
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 129
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready