BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Report OWASP WAF Naxsi bypass Vulnerability Mar 26 2013 02:00AM
safe3q gmail com
OWASP WAF Naxsi bypass Vulnerability

Certain unspecified input is not properly handed in
naxsi_src/naxsi_utils.c naxsi_unescape_uri(u_char **dst, u_char **src,
size_t size, ngx_uint_t type) before being used to filtered. This can
be exploited to bypass some WAF rules.

Naxsi site
https://code.googl...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus