Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?

Justin Hart onyxraven at
Sat Dec 31 18:37:39 UTC 2011

Without going through the way nginx parses an incoming request, I'm unsure
if nginx isn't vulnerable to this, because of the availability to grab the
value of a GET parameter via  My hope is that
especially if an $arg_PARAMETER isn't used in the config, it is not
vulnerable because it wouldn't even attempt to parse the parameters, but I
can't be sure.

Can anyone speak to this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list