What is the vulnerability ID for this OpenResty vulnerability?

The vulnerability ID for this OpenResty vulnerability is CVE-2018-9230.

What is the severity of CVE-2018-9230?

The severity of CVE-2018-9230 is critical, with a severity value of 9.8.

Why is CVE-2018-9230 considered a vulnerability?

CVE-2018-9230 is considered a vulnerability because it can lead to the bypassing of access restrictions or interference with Web Applications, compromising the security of OpenResty.

Is there a fix available for CVE-2018-9230?

Yes, a fix is available for CVE-2018-9230 in OpenResty version 1.13.7.2 and later.

Vulnerability/
CVE-2018-9230

critical

9.8

CWE

2/4/2018

5/8/2024

CVE-2018-9230: SQL Injection

Q: How does CVE-2018-9230 affect OpenResty?

CVE-2018-9230 allows remote attackers to bypass access restrictions or interfere with certain Web Applications in OpenResty through 1.13.6.1 using URI parameters.

First published: Mon Apr 02 2018(Updated: )

** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Openresty Openresty	<1.13.6.1
	<1.13.6.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this OpenResty vulnerability?
The vulnerability ID for this OpenResty vulnerability is CVE-2018-9230.
What is the severity of CVE-2018-9230?
The severity of CVE-2018-9230 is critical, with a severity value of 9.8.
How does CVE-2018-9230 affect OpenResty?
CVE-2018-9230 allows remote attackers to bypass access restrictions or interfere with certain Web Applications in OpenResty through 1.13.6.1 using URI parameters.
Why is CVE-2018-9230 considered a vulnerability?
CVE-2018-9230 is considered a vulnerability because it can lead to the bypassing of access restrictions or interference with Web Applications, compromising the security of OpenResty.
Is there a fix available for CVE-2018-9230?
Yes, a fix is available for CVE-2018-9230 in OpenResty version 1.13.7.2 and later.

collector/nvd-index
agent/type
agent/references
agent/first-publish-date
agent/severity
agent/weakness
agent/author
agent/status
agent/softwarecombine
agent/description
agent/event
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/mitre-cve
source/MITRE
status/disputed
vendor/openresty
canonical/openresty openresty

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.