Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?
onyxraven at gmail.com
Sat Dec 31 18:37:39 UTC 2011
Without going through the way nginx parses an incoming request, I'm unsure
if nginx isn't vulnerable to this, because of the availability to grab the
value of a GET parameter via
http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. My hope is that
especially if an $arg_PARAMETER isn't used in the config, it is not
vulnerable because it wouldn't even attempt to parse the parameters, but I
can't be sure.
Can anyone speak to this?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx