Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:NGINX-CHUNK-TRANSDOS2 |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Nginx Chunked Transfer Parsing Denial of Service 2 |
Release Date |
2016/02/11 |
Update Number |
2644 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Nginx Chunked Transfer Parsing Denial of Service 2
This signature detects attempts to exploit a known flaw in Nginx. A successful attack can result in a denial-of-service condition.
Extended Description
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
Affected Products
- Igor_sysoev nginx 1.2.1
- Igor_sysoev nginx 1.2.2
- Igor_sysoev nginx 1.2.3
- Igor_sysoev nginx 1.2.4
- Igor_sysoev nginx 1.2.5
- Igor_sysoev nginx 1.2.6
- Igor_sysoev nginx 1.2.7
- Igor_sysoev nginx 1.2.8
- Nginx nginx 1.1.10
- Nginx nginx 1.1.11
- Nginx nginx 1.1.12
- Nginx nginx 1.1.13
- Nginx nginx 1.1.15
- Nginx nginx 1.1.16
- Nginx nginx 1.1.17
- Nginx nginx 1.1.18
- Nginx nginx 1.1.19
- Nginx nginx 1.1.4
- Nginx nginx 1.1.6
- Nginx nginx 1.1.7
- Nginx nginx 1.1.8
- Nginx nginx 1.1.9
- Nginx nginx 1.2.0
- Nginx nginx 1.3.0
- Nginx nginx 1.3.1
- Nginx nginx 1.3.10
- Nginx nginx 1.3.11
- Nginx nginx 1.3.12
- Nginx nginx 1.3.13
- Nginx nginx 1.3.14
- Nginx nginx 1.3.15
- Nginx nginx 1.3.16
- Nginx nginx 1.3.2
- Nginx nginx 1.3.3
- Nginx nginx 1.3.4
- Nginx nginx 1.3.5
- Nginx nginx 1.3.6
- Nginx nginx 1.3.7
- Nginx nginx 1.3.8
- Nginx nginx 1.3.9
- Nginx nginx 1.4.0
References
- CVE: CVE-2013-2070