Home > Vulnerability Database > CVE-2023-45132

Mend.io Vulnerability Database

CVE-2023-45132

Date: October 11, 2023

NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious "X-Forwarded-For" IP matches "IgnoreIP" "IgnoreCIDR" rules. This old code was arranged to allow older NGINX versions to also support "IgnoreIP" "IgnoreCIDR" when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any "IgnoreIP" "IgnoreCIDR" for older versions.

Language: C

Severity Score

9.1

Related Resources (5)

Url: https://github.com/wargio/naxsi/commit/1b712526ed3314dd6be7e8b0259eabda63c19537

Url: https://github.com/wargio/naxsi/pull/103

Url: https://github.com/wargio/naxsi/security/advisories/GHSA-7qjc-q4j9-pc8x

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45132

Url: https://www.mend.io/vulnerability-database/CVE-2023-45132

Severity Score

9.1

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45132

Date: October 11, 2023

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?