Nginx Restriction Bypass via Space Character in URI

Impact: High

Description

A vulnerability in Nginx allows attackers to bypass security restrictions in specific configurations by exploiting a flaw in request URI processing. When an unescaped space character is followed by certain characters, some security checks on the request URI may be bypassed.

Recommendation

To mitigate this vulnerability, upgrade Nginx to the latest version. As a temporary workaround, apply the following configuration within each server{} block:

  if ($request_uri ~ " ") {
      return 444;
  }

This configuration prevents requests containing spaces from being processed.

References

CVE-2013-4547
CVE-2013-4547 - Nginx Space Character Bypass Vulnerability
CWE-20
Mitigating Nginx Vulnerabilities
Nginx
nginx security advisory
OWASP 2021-A6

👉 You might also like:

Nginx Null Byte Code Execution - CVE-2013-2028

Apache 2.4.49 Path Traversal and RCE - CVE-2021-41773, CVE-2021-42013

Apache mod_jk Access Control Bypass - CVE-2018-11759

Apache Struts 2 Forced double OGNL evaluation S2-059 - CVE-2019-0230

Last updated on May 13, 2024

Nginx Restriction Bypass via Space Character in URI

Description

Recommendation

References

This issue is available in SmartScanner Professional