Nginx Restriction Bypass via Space Character in URI

Description

A vulnerability in Nginx allows attackers to bypass security restrictions in specific configurations by exploiting a flaw in request URI processing. When an unescaped space character is followed by certain characters, some security checks on the request URI may be bypassed.

Recommendation

To mitigate this vulnerability, upgrade Nginx to the latest version. As a temporary workaround, apply the following configuration within each server{} block:

  if ($request_uri ~ " ") {
      return 444;
  }

This configuration prevents requests containing spaces from being processed.

References

• nginx security advisory
• Mitigating Nginx Vulnerabilities
• Nginx
• CVE-2013-4547
• CWE-20
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Nginx Null Byte Code Execution - CVE-2013-2028
• Apache mod_jk Access Control Bypass - CVE-2018-11759
• BREACH attack - CVE-2013-3587
• Nginx Integer Overflow - CVE-2017-7529

Tags:

Nginx

Security Bypass

Request Processing