nginx on Windows Directory Aliases Access Restriction Bypass

medium Nessus Plugin ID 61394

Synopsis

The web server on the remote host may be affected by an access restriction bypass vulnerability.

Description

According to its Server response header, the installed version of nginx is 0.x greater than or equal to 0.7.52 or 1.x earlier than 1.2.1 / 1.3.1 and is, therefore, affected by an access restriction bypass vulnerability.

By using a request with a specially crafted directory name, such as '/directory::$index_allocation' in place of '/directory', an attacker may be able to bypass access restrictions such as:

    location /directory/ {
        deny all;
    }

Note that this vulnerability only affects installs on Windows and that Nessus has not tried to verify the underlying OS.
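The version test described above can be reproduced when triaging this finding by hand. The following is an added example, not the plugin's own code; the function name and sample header values are constructed for illustration, and it assumes that 1.3.1 is the fixed version for 1.3.x and 1.2.1 for everything earlier.

```python
import re

# Version bounds as stated in the description above.
FIRST_AFFECTED = (0, 7, 52)
FIXED_1_2 = (1, 2, 1)  # assumption: applies to 1.2.x and all earlier releases
FIXED_1_3 = (1, 3, 1)  # assumption: applies to the 1.3.x branch only

_SERVER_RE = re.compile(r"^nginx/(\d+)\.(\d+)\.(\d+)\b", re.IGNORECASE)


def classify_server_header(value):
    """Return 'affected', 'not affected' or 'unknown' for a Server header value.

    Like the plugin, this looks only at the banner. It says nothing about
    the underlying OS, and only Windows installs are vulnerable.
    """
    m = _SERVER_RE.match(value.strip())
    if not m:
        # Not nginx, or nginx with the version hidden (server_tokens off):
        # the banner alone cannot confirm or rule out the issue.
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    if version < FIRST_AFFECTED:
        return "not affected"
    if version[:2] == (1, 3):
        return "affected" if version < FIXED_1_3 else "not affected"
    return "affected" if version < FIXED_1_2 else "not affected"


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    for banner in ["nginx/0.7.51", "nginx/0.7.52", "nginx/1.1.19",
                   "nginx/1.2.0", "nginx/1.2.1", "nginx/1.3.0",
                   "nginx/1.3.1", "nginx", "nginx/1.2.0 (Ubuntu)"]:
        print(f"{banner:24} {classify_server_header(banner)}")
```

An "unknown" result, or an "affected" result on a host whose OS has not been confirmed, needs to be checked against the installed package and platform before the finding is closed or escalated.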

Solution

Upgrade to version 1.2.1 / 1.3.1 or later.

See Also

http://nginx.org/en/CHANGES-1.2

http://nginx.org/en/security_advisories.html

Plugin Details

Severity: Medium

ID: 61394

File Name: nginx_1_3_1.nasl

Version: 1.14

Type: combined

Agent: unix

Family: Web Servers

Published: 8/2/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2011-4963

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:nginx:nginx

Required KB Items: installed_sw/nginx

Exploit Ease: No known exploits are available

Patch Publication Date: 6/5/2012

Vulnerability Publication Date: 6/5/2012

Reference Information

CVE: CVE-2011-4963

BID: 55920