icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

nginx 8.3 Filename Alias Request Access Rules / Authentication Bypass

Medium

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data

Description

Versions of nginx earlier than 0.7.65 are potentially affected by a security bypass vulnerability. By appending %20 to a requested file, an attacker can view the source code of potentially sensitive scripts.

Solution

Upgrade to nginx 0.7.65 or later.