Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

nginx 8.3 Filename Alias Request Access Rules / Authentication Bypass

Medium

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data

Description

Versions of nginx earlier than 0.7.65 are potentially affected by a security bypass vulnerability. By appending %20 to a requested file, an attacker can view the source code of potentially sensitive scripts.

Solution

Upgrade to nginx 0.7.65 or later.