Tag

Website

Browsing

By @aLLy, Wallarm Research

There was a very interesting vulnerability discovered in nginx, one of the most popular web/proxy/load balancing servers. This vulnerability leaks information about the application behind the nginx proxy. For example, a specially formed request can retrieve information on the internal structure of an application and/or its IP address. Turns out this issue has been around for all of ten years and the vulnerability affects versions of nginx as early as 0.5.6…

by Ivan Novikov

Image by Byseyhanla (Own work) [CC BY-SA 4.0]

Article re-posted from https://medium.com/@d0znpp/top-5-stupid-security-mistakes-in-web-apps-2f26f52ebfaa

In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used by script kiddies as well as by fully automated scanners and internal security checks. Let’s go!

Apache to Nginx migration configuration files disclosure. Just don’t forget…