Vigil@nce - nginx: information disclosure via proxy_pass
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When nginx is configured with proxy_pass, a malicious web server
can use a large query, in order to obtain a fragment of nginx
memory, or to trigger a denial of service.
– Impacted products: Fedora, nginx, OpenBSD
– Severity: 2/4
– Creation date: 13/05/2013
DESCRIPTION OF THE VULNERABILITY
The proxy_pass configuration directive is used to put nginx in
front of a web server.
However, nginx does not correctly check the size of data coming
from the server. Technical details are unknown.
When nginx is configured with proxy_pass, a malicious web server
can therefore use a large query, in order to obtain a fragment of
nginx memory, or to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/nginx-information-disclosure-via-proxy-pass-12787