ID

VAR-201005-0437


TITLE

Nginx file type error parsing vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0917

DESCRIPTION

Nginx is a widely used high-performance web server. It is often used as a reverse proxy and also supports PHP well. 80sec found a fairly serious security problem: by default, the server may mistakenly parse a file of any type as PHP, so an attacker can execute arbitrary PHP code with web server permissions. By default, nginx supports running PHP in CGI mode, for example with a configuration such as:

    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi_params;
    }

When nginx selects the location for a request, it matches on the URI environment variable. The key variable SCRIPT_FILENAME passed to the backend FastCGI process is determined by the $fastcgi_script_name generated by nginx, and analysis shows that $fastcgi_script_name is directly controlled by the URI environment variable; this is where the problem occurs. To better support the extraction of PATH_INFO, PHP has the cgi.fix_pathinfo configuration option, whose purpose is to extract the real script name from SCRIPT_FILENAME. So, given a file http://www.80sec.com/80sec.jpg, it can be requested as http://www.80sec.com/80sec.jpg/80sec.php.

nginx is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. The issue affects nginx 0.6.36 and prior.

Trust: 0.81

sources: CNVD: CNVD-2010-0917 // BID: 40420
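
The resolution described above can be traced with a small model. This is an added example, not code from nginx, PHP or the original advisory; the file set, the function names and the simplified cgi.fix_pathinfo logic are assumptions made for illustration.

```python
import re

# Constructed sample: files present under the /scripts root (an assumption
# for this example); 80sec.jpg stands for an uploaded, non-PHP file.
FILES_ON_DISK = {"/scripts/index.php", "/scripts/80sec.jpg"}

PHP_LOCATION = re.compile(r"\.php$")  # models: location ~ \.php$


def nginx_script_filename(uri):
    """Return SCRIPT_FILENAME as built by the location block, or None
    when the URI does not match the PHP location."""
    if not PHP_LOCATION.search(uri):
        return None
    # models: fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    return "/scripts" + uri


def php_resolve(script_filename, fix_pathinfo):
    """Simplified model of how PHP picks the script to run.

    Returns (script, path_info); script is None when nothing is executed.
    """
    if script_filename in FILES_ON_DISK:
        return script_filename, ""
    if not fix_pathinfo:
        return None, ""  # SCRIPT_FILENAME used as given; no such file
    # cgi.fix_pathinfo: strip trailing path components until an existing
    # file is found; the stripped remainder becomes PATH_INFO.
    candidate = script_filename
    while candidate.count("/") > 1:
        candidate = candidate.rsplit("/", 1)[0]
        if candidate in FILES_ON_DISK:
            return candidate, script_filename[len(candidate):]
    return None, ""


def handle(uri, fix_pathinfo):
    """Return the file PHP would execute for this URI, or None."""
    script_filename = nginx_script_filename(uri)
    if script_filename is None:
        return None  # not routed to the FastCGI backend at all
    return php_resolve(script_filename, fix_pathinfo)[0]


if __name__ == "__main__":
    for uri in ("/index.php", "/80sec.jpg", "/80sec.jpg/80sec.php"):
        for flag in (True, False):
            print(f"{uri!r:26} fix_pathinfo={flag!s:5} -> {handle(uri, flag)}")
```

With cgi.fix_pathinfo disabled, the model returns no script for /80sec.jpg/80sec.php, because SCRIPT_FILENAME is used as given and no such file exists.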

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0917

AFFECTED PRODUCTS

vendor: nginx, model: nginx, scope: -, version: -

Trust: 0.6

vendor: igor, model: sysoev nginx, scope: eq, version: 0.6.36

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: eq, version: 0.6.32

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: eq, version: 0.6

Trust: 0.3

sources: CNVD: CNVD-2010-0917 // BID: 40420

THREAT TYPE

network

Trust: 0.3

sources: BID: 40420

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 40420

EXTERNAL IDS

db: BID, id: 40420

Trust: 0.9

db: CNVD, id: CNVD-2010-0917

Trust: 0.6

sources: CNVD: CNVD-2010-0917 // BID: 40420

REFERENCES

url: http://www.80sec.com/nginx-securit.html

Trust: 0.6

url: http://nginx.org/

Trust: 0.3

sources: CNVD: CNVD-2010-0917 // BID: 40420

CREDITS

cp77fk4r

Trust: 0.3

sources: BID: 40420

SOURCES

db: CNVD, id: CNVD-2010-0917
db: BID, id: 40420

LAST UPDATE DATE

2022-05-17T01:41:43.694000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-0917, date: 2010-05-20T00:00:00
db: BID, id: 40420, date: 2010-05-28T16:30:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-0917, date: 2010-05-20T00:00:00
db: BID, id: 40420, date: 2010-05-20T00:00:00