Nginx Cloud Storage HTTP Splitting

medium Web App Scanning Plugin ID 113642

Synopsis

Nginx Cloud Storage HTTP Splitting

Description

The scanner has detected that the Nginx configuration contains a location directive that queries a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows an attacker to change the cloud storage instance that is queried.

It is therefore possible for an attacker to inject arbitrary content from a cloud storage instance they control.

Solution

Developers should avoid evaluating expressions derived directly from untrusted user input, to prevent malicious injection. If the application still requires this type of input, the user-supplied data should be strictly validated, using an allowlist or by filtering special characters, to avoid advanced expression injection.
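A configuration review check for the condition described above, as an added example that is not part of the plugin page or of Tenable's detection logic. It assumes the usual cause of this finding: nginx's `$uri` and `$document_uri` hold the URL-decoded path, and regex location captures are taken from that decoded path, so either can carry CR/LF into the proxied request, while `$request_uri` stays in its raw encoded form. The bucket host, paths and function name are constructed for illustration.

```python
import re

# Constructed sample config; the bucket host and paths are placeholders.
SAMPLE = r"""
server {
    location /static/ {
        proxy_pass https://example-bucket.s3.amazonaws.com$uri;
    }
    location ~ ^/img/([^/]+)$ {
        proxy_set_header Host example-bucket.s3.amazonaws.com;
        proxy_pass https://example-bucket.s3.amazonaws.com/img/$1;
    }
    location /safe/ {
        proxy_pass https://example-bucket.s3.amazonaws.com$request_uri;
    }
    location ~ ^/doc/([a-z0-9]+)$ {
        proxy_pass https://example-bucket.s3.amazonaws.com/doc/$1;
    }
}
"""

# Directives whose value ends up in a request or response header line.
SINKS = ("proxy_pass", "proxy_set_header", "rewrite", "return", "add_header")
DECODED_VARS = re.compile(r"\$(?:uri|document_uri)\b")
CAPTURE_REF = re.compile(r"\$\d")
# A negated class such as [^/] also matches CR and LF unless it excludes them.
LOOSE_CLASS = re.compile(r"\[\^(?![^\]]*(?:\\r|\\n|\\s))[^\]]*\]")

def find_splitting_risks(conf):
    """Line-oriented heuristic, not a full nginx parser: the regex state of
    the most recent `location` line applies until the next one is seen."""
    findings, loose_regex = [], False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"location\s+(~\*?)?\s*(\S+)", line)
        if m:
            loose_regex = bool(m.group(1)) and bool(LOOSE_CLASS.search(m.group(2)))
            continue
        parts = line.rstrip(";").split(None, 1)
        if len(parts) < 2 or parts[0] not in SINKS:
            continue
        if DECODED_VARS.search(parts[1]):
            findings.append((lineno, parts[0], "decoded URI variable"))
        elif loose_regex and CAPTURE_REF.search(parts[1]):
            findings.append((lineno, parts[0], "capture may contain CR/LF"))
    return findings

if __name__ == "__main__":
    for lineno, directive, reason in find_splitting_risks(SAMPLE):
        print(f"line {lineno}: {directive}: {reason}")
```

The two unflagged locations show the corrected forms: passing `$request_uri` instead of `$uri`, and restricting the capture to an allowlisted character class.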

See Also

https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/nginx

https://owasp.org/www-community/attacks/HTTP_Response_Splitting

Plugin Details

Severity: Medium

ID: 113642

Type: remote

Published: 3/8/2023

Updated: 3/8/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*

Reference Information