<p class="p1">Now tried to test for the exploit (<a href="http://forum.nginx.org/read.php?2,88845,88996">http://forum.nginx.org/read.php?2,88845,88996</a>) , nginx return 403 directly without hitting my backend php</p><p class="p1">
<br></p><p class="p1">===============</p><p class="p1"><br></p><p class="p1">curl -s -D - '<a href="http://www.example.com/test.jpg/f.php">http://www.example.com/test.jpg/f.php</a>' </p><p class="p1"></p><p class="p1">
HTTP/1.1 403 Forbidden</p><p class="p1">Server: nginx</p><p class="p1">Date: Fri, 14 Dec 2012 17:40:03 GMT</p><p class="p1">Content-Type: text/html</p><p class="p1">Transfer-Encoding: chunked</p><p class="p1">Connection: keep-alive</p>
<p class="p1"><br></p><p class="p1">Access denied.</p><p class="p1"><br></p><p class="p1"></p><p class="p1">===============</p><div><br></div><div><br></div><div>Which version it was fixed?</div><div><br></div><div>Thanks.</div>
<p></p><p></p>