Blog.Volema

Some cases of insecure NGINX configurations

Mon 02 June 2014

Nginx is a very nice web server with flexible configuration options and secure-enough defaults.

But sometimes administrators can make mistakes cooking it.

Case 1: try_files

Nginx has a nice feature, try_files, which "checks the existence of files in the specified order and uses the first found file for request processing ...", "if ...

cURL buffer overflow

Wed 06 February 2013

Volema found a remotely exploitable buffer overflow vulnerability in the libcurl POP3 and SMTP protocol handlers which leads to code execution (RCE). When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message() uses the data provided by the server without doing the proper length checks, and that data is then appended to a local fixed-size ...

PHP <=5.4.8, <=5.3.18 with mbstring.encoding_translation = On is vulnerable to HashDoS

Mon 26 November 2012

The HashDoS attack on scripting languages was first introduced at the 28C3 conference [1]. It targets the performance bottleneck in keeping large hash tables made of request parameters.

The main way to protect against this attack is to limit the number of request parameters. In PHP it is done through the ...