#VU11517 Improper input validation in OpenResty
Vulnerability identifier: #VU11517
Vulnerability risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
OpenResty
Server applications /
Web servers
Vendor: OpenResty Inc.
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to improper validation of URI parameter values when handling the ngx.req.get_uri_args and ngx.req.get_post_args functions with more than 100 parameters. A remote attacker can use GET and POST requests that contain more than 100 parameters in the affected functions, where malicious input is included in parameters after the first 100, trigger URI parameter overflow and bypass security restrictions.
Mitigation
Update to version 1.13.6.1.
Vulnerable software versions
OpenResty: 1.4.0 - 1.11.2.5
External links
http://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty....
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
