Add description

patch-1
Noam Rathaus 2021-10-13 12:00:39 +03:00
parent b86a987030
commit ab008edc5b
1 changed files with 1 additions and 0 deletions

View File

@ -4,6 +4,7 @@ info:
name: Nginx Merge Slashes Path Traversal name: Nginx Merge Slashes Path Traversal
author: dhiyaneshDk author: dhiyaneshDk
severity: medium severity: medium
description: A vulnerability in the remote Nginx server could cause the server to merge slashslash together causing what should have protected the web site from a directory traversal vulnerability into a vulnerable server.
reference: reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json
- https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d - https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d