Missing Nginx Buffer Overflow Protection

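Vulnerability Information

Vulnerability name: Missing Nginx Buffer Overflow Protection

Vulnerability type: Buffer overflow

Severity: Medium

Description: Nginx is a widely used high-performance web server and reverse proxy server, commonly deployed in enterprise services and web application components and favored for its efficiency and stability. This vulnerability concerns missing buffer overflow protection in the Nginx configuration, which may lead to large-request attacks. The technical root cause is that parameters such as proxy_buffer_size, proxy_buffers and proxy_busy_buffers_size are not properly set in the Nginx configuration file. With these parameters missing, an attacker may be able to trigger a buffer overflow by sending specially crafted large requests, which may in turn lead to service disruption or more serious security problems. Exploitation does not require authentication, and an attacker can launch the attack directly over the network, which increases its potential danger. To mitigate this risk, administrators are advised to review and update the Nginx configuration and ensure the parameters above are set correctly, to prevent potential buffer overflow attacks.

Vendor: Nginx

Product: Nginx

Source: https://github.com/projectdiscovery/nuclei-templates/blob/804d1df949d5fbbfdee11564a2df65b6836a8d60/javascript%2Faudit%2Fwebserver%2Fnginx%2Fmissing-nginx-bof-protection.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details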

id: missing-nginx-bof-protection

info:
  name: Missing Nginx Buffer Overflow Protection
  author: pussycat0x
  severity: medium
  description: |
    Ensures that buffer overflow protection is properly configured in Nginx to prevent large request attacks.
  reference:
    - https://wiki.devsecopsguides.com/docs/checklists/nginx/
    - https://nginx.org/en/docs/http/ngx_http_proxy_module.html
  metadata:
    verified: true
  tags: nginx,file,audit,ssh,auth,hardening

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      c.Connect(Host,Port,User,Pass);
      const NginxConfig = c.Run(Code)
      NginxConfig
      let result = "";
      if (NginxConfig.includes("http") && NginxConfig.includes("events") && !NginxConfig.includes("proxy_buffer_size") && !NginxConfig.includes("proxy_buffers") && !NginxConfig.includes("proxy_busy_buffers_size")) {
        result += "Missing Nginx Buffer Overflow Protection";
      } else {
        exit();
      }
      result

    args:
      Host: "{{Host}}"
      Port: "22"
      User: "{{usernames}}"
      Pass: "{{passwords}}"
      Code: cat {{path}}

    payloads:
      path:
        - /etc/nginx/nginx.conf
        - /usr/local/etc/nginx/nginx.conf

    matchers:
      - type: dsl
        dsl:
          - "success == true"

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 490a0046304402200775851123ec35677fa66a24443324ac54fe75fd70471cb373801e7c2cf422ea02204c39b749efa797c759094ea627a38b7c7537ea9e57f7faf32196b16e603d4251:922c64590222798bb761d5b6d8e72950
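
The template's condition is a plain substring match on the fetched file, so a directive that appears only in a comment counts as configured, and it reports only when all three names are absent. The JavaScript below is an added example, not part of the nuclei template or the original page: it audits the active directives instead and lists `include` targets that still need checking. The function names and both sample configurations are constructed for illustration.

```javascript
// Added example; directive names are taken from the template above.
const REQUIRED = ["proxy_buffer_size", "proxy_buffers", "proxy_busy_buffers_size"];

// The template's own condition, reproduced for comparison.
function templateFlags(conf) {
  return conf.includes("http") && conf.includes("events") &&
    REQUIRED.every((d) => !conf.includes(d));
}

// Drop "#" comments and quoted strings so only active directive text remains.
// Simplification: any "#" or quote outside a string starts a comment or string.
function stripCommentsAndStrings(conf) {
  let out = "", quote = null, inComment = false;
  for (let i = 0; i < conf.length; i++) {
    const ch = conf[i];
    if (inComment) {
      if (ch === "\n") { inComment = false; out += ch; }
    } else if (quote) {
      if (ch === "\\") i++;                 // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch; out += " ";
    } else if (ch === "#") inComment = true;
    else out += ch;
  }
  return out;
}

// Report absent directives and included files (an include may set them).
function auditProxyBuffers(conf) {
  const present = new Set(), includes = [];
  // A directive name is the first word after start of text, ";", "{" or "}".
  const re = /(?:^|[;{}])\s*([A-Za-z_][A-Za-z0-9_]*)([^;{}]*)/g;
  for (const m of stripCommentsAndStrings(conf).matchAll(re)) {
    present.add(m[1]);
    if (m[1] === "include") includes.push(m[2].trim());
  }
  return { missing: REQUIRED.filter((d) => !present.has(d)), includes };
}

// Constructed sample configurations.
const COMMENTED_OUT = `events { worker_connections 1024; }
http {
  # proxy_buffer_size 16k;
  # proxy_buffers 8 16k;
  # proxy_busy_buffers_size 32k;
  include /etc/nginx/conf.d/*.conf;
}`;
const CONFIGURED = `events {}
http { proxy_buffer_size 16k; proxy_buffers 8 16k; proxy_busy_buffers_size 32k; }`;
for (const c of [COMMENTED_OUT, CONFIGURED]) console.log(templateFlags(c), auditProxyBuffers(c));
```

For the commented-out sample the substring condition stays silent while the directive-aware audit reports all three directives as missing and names the included path for follow-up.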


http://example.com/2025/07/27/github_2496115349/
Author
lianccc
Published
July 27, 2025
License