nginx < 1.2.1 / 1.3.x < 1.3.1 Vulnerabilities with Windows directory aliases
Medium Nessus Network Monitor Plugin ID 6529
Synopsis
The remote web server is affected by an access restriction bypass vulnerability.
Description
The remote host is running an nginx HTTP server.
Versions earlier than 1.2.1 (stable version) or versions earlier than 1.3.1 (development version) are vulnerable to an access restriction bypass vulnerability.
By using a request with a specially crafted directory name, such as '/directory::$index_allocation' in place of '/directory', an attacker may be able to bypass access restrictions.
Note that this vulnerability only affects installs on Windows. (CVE-2012-4963)
Solution
Upgrade to nginx 1.2.1 (stable version) or 1.3.1 (development version) or later.
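
For hosts that cannot be upgraded immediately, the check below is an added example (not part of the plugin or of nginx) that applies the version ranges above and flags access-log requests whose path carries the `::$index_allocation` directory alias. The function names, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# Directory alias form named in the advisory; Windows paths are case-insensitive.
STREAM_SUFFIX = "::$index_allocation"

def has_directory_alias(target):
    """True if any path segment of the request target ends with the alias suffix."""
    path = unquote(target.split("?", 1)[0]).lower()  # drop query, decode %XX once
    return any(seg.endswith(STREAM_SUFFIX) for seg in path.split("/"))

def flag_lines(lines):
    """Return (client, target) for every log line requesting an aliased directory."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_directory_alias(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

def is_affected(version):
    """Version ranges from the advisory; only Windows installs are affected."""
    parts = tuple(int(p) for p in version.split("."))
    if parts[:2] == (1, 3):          # development branch
        return parts < (1, 3, 1)
    return parts < (1, 2, 1)         # stable branch and older

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2012:10:00:00 +0000] "GET /directory/ HTTP/1.1" 403 169 "-" "-"',
    '192.0.2.10 - - [01/Jul/2012:10:00:05 +0000] "GET /directory::$index_allocation/ HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Jul/2012:10:01:00 +0000] "GET /directory%3A%3A%24INDEX_ALLOCATION/ HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [01/Jul/2012:10:02:00 +0000] "GET /search?q=::$index_allocation HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for client, target in flag_lines(SAMPLE_LOG):
        print(f"directory alias request from {client}: {target}")
    for v in ("1.2.0", "1.2.1", "1.3.0", "1.3.1"):
        print(v, "affected" if is_affected(v) else "fixed")
```

A 403 on `/directory/` followed by a 200 on the aliased form from the same client, as in the first two sample lines, is the pattern worth alerting on.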