Nginx Null Byte Code Execution

Description

Allowing null byte character (ASCII 0x00) in the URL can lead to a severe security risk. If the user can manipulate file contents on the server, this vulnerability may result in arbitrary PHP code execution, enabling attackers to take control of the server and execute unauthorized commands.

Recommendation

Upgrade Nginx to a version that properly sanitizes input and disallows null byte characters in URLs.

References

• Nginx
• CVE-2013-2028
• CWE-158
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Nginx Code Execution due to Misconfiguration - Vulnerability
• Drupal 'Drupalgeddon2' Remote Code Execution - CVE-2018-7600
• HTTP Protocol Stack Remote Code Execution Vulnerability (DOS) - CVE-2021-31166
• Nginx Restriction Bypass via Space Character in URI - CVE-2013-4547

Tags:

Nginx

Arbitrary Code Execution

Input Validation