PT-2014-11: Information Disclosure in nginx
Version: 1.7.3 and earlier
Severity level: Low
Impact: Information Disclosure
Access Vector: Local
Base Score: 1.9
CVE: not assigned
nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server.
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in nginx.
URI normalization function does not properly handle the transmitted values, thus an attacker can disclose memory areas using a web server log.
Update your sofware up to the latest version
18.07.2014 - Vendor gets vulnerability details
05.08.2014 - Vendor releases fixed version and details
05.09.2014 - Public disclosure
The vulnerability was detected by Sergey Bobrov, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: