Displaying 1 result from an estimated 1 matches for "http_transfer_encod".
2013 May 07
0
nginx security advisory (CVE-2013-2028)
...on (CVE-2013-2028).
The problem affects nginx 1.3.9 - 1.4.0.
The problem is fixed in nginx 1.5.0, 1.4.1.
Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt
As a temporary workaround the following configuration
can be used in each server{} block:
if ($http_transfer_encoding ~* chunked) {
return 444;
}
--
Maxim Dounin
http://nginx.org/en/donation.html