Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For
Vulnerability Description
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
保护机制失效
Vulnerability Title
NAXSI 安全漏洞
Vulnerability Description
NAXSI是NGINX 的开源维护 Web 应用程序防火墙 (WAF)。 NAXSI 1.3及之前版本存在安全漏洞,该漏洞源于当恶意IP匹配规则时允许绕过WAF IgnoreIP IgnoreCIDR。
CVSS Information
N/A
Vulnerability Type
N/A