CVE-2023-45132

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 11, 2023

Updated: Oct 18, 2023

CWE ID 693

Summary

CVE-2023-45132 is a vulnerability affecting NAXSI, an open-source maintenance web application firewall for NGINX. Starting from version 1.3 and prior to version 1.6, this issue enables bypassing the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This outdated code was designed to accommodate older NGINX versions with multiple reverse proxies. Version 1.6 includes the patch for this vulnerability. As a temporary solution, do not configure `IgnoreIP` or `IgnoreCIDR` rules for older NAXSI versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5FqDw
https://www.cve.org/CVERecord?id=CVE-2023-45132
https://nvd.nist.gov/vuln/detail/CVE-2023-45132

Back to Vulnerability Database

CVE-2023-45132

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations