Bypassing Web Application Firewall in VeryNginx 0.3.3 due to Missing Error Handler

Bypassing Web Application Firewall in VeryNginx 0.3.3 due to Missing Error Handler

CVE-2018-19991 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.

Learn more about our Web App Pen Testing.