nginx Server Denial of Service

May 24, 2013

nginx is an open source web server and a reverse proxy server for HTTP, SMTP, POP3, and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. nginx implements the HTTP protocol version 1.1 as defined in RFC 2616.

A denial of service vulnerability exists in nginx. Specifically, the vulnerability is due to an input validation error when handling chunked requests or chunked responses from a peer. A remote attacker could exploit this vulnerability by sending a crafted chunked HTTP request or response to the target server. Successful exploitation would terminate the process and cause a denial of service condition.

Dell SonicWALL has released IPS signatures to detect and block specific exploitation attempts targeting this vulnerability. The signatures are listed below:

  • 3113 Suspicious HTTP Transfer-Encoding Header 1c
  • 4590 Suspicious HTTP Transfer-Encoding Header 1s
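The advisory attributes the crash to missing input validation of chunked framing, and the signatures above key on the Transfer-Encoding header. The following is an added example, not nginx or Dell SonicWALL code, of the kind of strict chunked-body validation a defender can apply to requests and upstream responses alike; the digit and size limits, the policy of accepting only a single "Transfer-Encoding: chunked" header, and the sample messages are assumptions constructed for the example.

```python
import re

MAX_CHUNK_HEX_DIGITS = 8           # assumption: a longer chunk-size field is never legitimate here
MAX_CHUNK_SIZE = 8 * 1024 * 1024   # assumption: per-chunk cap set by local policy
# chunk-size line: hex digits, optional ";ext" chunk extensions, then CRLF
CHUNK_SIZE_RE = re.compile(rb"([0-9A-Fa-f]+)(?:;[^\r\n]*)?\r\n")


def validate_chunked_body(body: bytes) -> tuple[bool, str]:
    """Walk a chunked body; reject malformed framing or sizes outside the limits."""
    pos = 0
    while True:
        m = CHUNK_SIZE_RE.match(body, pos)
        if m is None:
            return False, f"malformed chunk-size line at offset {pos}"
        digits = m.group(1)
        if len(digits) > MAX_CHUNK_HEX_DIGITS:      # refuse before converting to an integer
            return False, f"chunk-size field of {len(digits)} hex digits exceeds limit"
        size = int(digits, 16)
        if size > MAX_CHUNK_SIZE:
            return False, f"chunk of {size} bytes exceeds policy limit"
        pos = m.end()
        if size == 0:
            # last-chunk: optional trailer lines, then exactly one empty line
            rest = body[pos:]
            if rest == b"\r\n" or (rest.endswith(b"\r\n\r\n") and rest.count(b"\r\n\r\n") == 1):
                return True, "ok"
            return False, "malformed trailer after last-chunk"
        end = pos + size
        if body[end:end + 2] != b"\r\n":             # also catches data shorter than the declared size
            return False, f"chunk data at offset {pos} truncated or missing CRLF"
        pos = end + 2


def inspect_http_message(raw: bytes) -> tuple[bool, str]:
    """Check a request or a response from a peer: both use the same chunked body framing."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete header block"
    te_values = [line.split(b":", 1)[1].strip().lower()
                 for line in head.split(b"\r\n")[1:]
                 if line.lower().startswith(b"transfer-encoding:")]
    if not te_values:
        return True, "not chunked"
    if len(te_values) > 1 or te_values[0] != b"chunked":
        return False, f"suspicious Transfer-Encoding header(s): {te_values}"
    return validate_chunked_body(body)


# constructed sample messages (not captured traffic)
GOOD = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
        b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n")
OVERSIZED = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"100000000\r\n")
```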