BugTraq
Re: Nginx 0.8.35 Space Character Remote Source Disclosure May 31 2010 03:00PM
abc12345 hushmail com (2 replies)
Re: Nginx 0.8.35 Space Character Remote Source Disclosure Jun 01 2010 02:26AM
Zach (admin racksecurity net)
RE: Nginx 0.8.35 Space Character Remote Source Disclosure Jun 01 2010 12:02AM
reply-to-list mailinator com
Looks like this affected Windows only, and was fixed a while ago.

Changes with nginx 0.7.65 01 Feb 2010

*) Security: now nginx/Windows ignores trailing spaces in URI.
Thanks to Dan Crowley, Core Security Technologies.

-----Original Message-----
From: abc12345 (at) hushmail (dot) com [email concealed] [mailto:abc12345 (at) hushmail (dot) com [email concealed]]
Sent: Monday, May 31, 2010 11:00 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: Nginx 0.8.35 Space Character Remote Source Disclosure

what about the stable branch? Versions 0.7.65 and earlier?

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus