CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-23017 – Nginx 1.20.0 - Denial of Service (DOS)
https://notcve.org/view.php?id=CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Se identificó un problema de seguridad en el solucionador de nginx, que podría permitir a un atacante que pueda falsificar paquetes UDP desde el servidor DNS para causar una sobrescritura de memoria de 1 byte, lo que causaría un bloqueo del proceso de trabajo u otro impacto potencial A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Nginx version 1.20.0 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/50973 https://github.com/M507/CVE-2021-23017-PoC https://github.com/ShivamDey/CVE-2021-23017 https://github.com/lakshit1212/CVE-2021-23017-PoC http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E https://lists.apache.org/thread.html/r4d4966221ca399 • CWE-193: Off-by-one Error •
CVE-2020-36309
https://notcve.org/view.php?id=CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. ngx_http_lua_module (también se conoce como lua-nginx-module) versiones anteriores a 0.10.16 en OpenResty permite caracteres no seguros en un argumento cuando se usa la API para mutar un URI o un encabezado de petición o respuesta • https://github.com/openresty/lua-nginx-module/compare/v0.10.15...v0.10.16 https://github.com/openresty/lua-nginx-module/pull/1654 https://news.ycombinator.com/item?id=26712562 https://security.netapp.com/advisory/ntap-20210507-0005 •
CVE-2020-11724
https://notcve.org/view.php?id=CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. Se detectó un problema en OpenResty versiones anteriores a 1.15.8.4. El archivo ngx_http_lua_subrequest.c permite un tráfico no autorizado de peticiones HTTP, como es demostrado por la API ngx.location.capture. • https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html https://security.netapp.com/advisory/ntap-20210129-0002 https://www.debian.org/security/2020/dsa-4750 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2018-9230
https://notcve.org/view.php?id=CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty ** EN DISPUTA** En OpenResty hasta la versión 1.13.6.1, los parámetros URI se obtienen utilizando las funciones ngx.req.get_uri_args y ngx.req.get_post_args que ignoran los parámetros posteriores al centésimo, lo que permite que los atacantes omitan las restricciones de acceso o interfieran con determinados productos Web Application Firewall (ngx_lua_waf o X-WAF). NOTA: el fabricante ha notificado que 100 parámetros es una configuración por defecto intencional, pero puede ajustarse en la API. La postura del fabricante es que un uso erróneo relevante para las seguridad de la API por parte de un producto WAF es una vulnerabilidad del producto WAF, no en OpenResty. • https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md https://openresty.org/en/changelog-1013006.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •