VYPR
Unrated severityNVD Advisory· Published Oct 11, 2023· Updated Sep 17, 2024

IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For

CVE-2023-45132

Description

NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious X-Forwarded-For IP matches IgnoreIP IgnoreCIDR rules. This old code was arranged to allow older NGINX versions to also support IgnoreIP IgnoreCIDR when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any IgnoreIP IgnoreCIDR for older versions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wargio/Naxsillm-fuzzy2 versions
    >=1.3,<1.6+ 1 more
    • (no CPE)range: >=1.3,<1.6
    • (no CPE)range: >= 1.3, < 1.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.