Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?

agentzh agentzh at
Sun Jan 1 05:54:08 UTC 2012

On Sun, Jan 1, 2012 at 2:37 AM, Justin Hart <onyxraven at> wrote:
> Without going through the way nginx parses an incoming request, I'm unsure
> if nginx isn't vulnerable to this, because of the availability to grab the
> value of a GET parameter
> via  My hope is that
> especially if an $arg_PARAMETER isn't used in the config, it is not
> vulnerable because it wouldn't even attempt to parse the parameters, but I
> can't be sure.

Well, the $arg_PARAMETER variable is not implemented with hash tables
at all ;) It scans the URI query string at every invocation :)
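
Added example, not part of the original message and not nginx source code: a minimal C sketch of the scan-per-lookup design the reply describes, where each lookup walks the raw query string instead of building a hash table keyed on request parameters. The names `find_arg`, `arg_is` and `str_view` and the sample query are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of a scan-per-lookup design; not nginx source code. */
typedef struct { const char *data; size_t len; } str_view;

/* Walk the raw query string pair by pair looking for "name=".
 * No table is built from request keys, so there are no buckets for
 * colliding keys to fill; cost is bounded by the query length. */
int find_arg(const char *q, size_t qlen, const char *name, size_t nlen,
             str_view *out)
{
    const char *p = q, *end = q + qlen;

    if (nlen == 0) return 0;
    while (p < end) {
        const char *amp = memchr(p, '&', (size_t)(end - p));
        size_t plen = (size_t)((amp ? amp : end) - p);

        /* match only a whole key: "b" must not match inside "ab=1" */
        if (plen > nlen && p[nlen] == '=' && memcmp(p, name, nlen) == 0) {
            out->data = p + nlen + 1;      /* value is still URL-encoded */
            out->len = plen - nlen - 1;
            return 1;
        }
        if (amp == NULL) break;            /* last pair examined */
        p = amp + 1;
    }
    return 0;
}

/* Test helper: 1 if `name` is present in `query` with exactly `want`. */
int arg_is(const char *query, const char *name, const char *want)
{
    str_view v;
    if (!find_arg(query, strlen(query), name, strlen(name), &v)) return 0;
    return v.len == strlen(want) && memcmp(v.data, want, v.len) == 0;
}

int main(void)
{
    const char *query = "ab=1&b=2&empty=&b=3";   /* constructed sample */
    printf("b=2? %d  empty=\"\"? %d  zz present? %d\n",
           arg_is(query, "b", "2"), arg_is(query, "empty", ""),
           arg_is(query, "zz", ""));
    return 0;
}
```

In this sketch the first matching pair wins and the value is returned without URL-decoding.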


