logo
Dates

Author


Conferences

Tags

Sort by:  

Authors: Spencer Pearlman
2021-09-24

tldr - powered by Generative AI

Common NGINX misconfigurations that leave web servers vulnerable to attack
  • NGINX is a popular web server powering one-third of all websites
  • Detectify's Security Research team analyzed almost 50,000 unique NGINX configuration files and discovered common misconfigurations
  • Missing root directive can lead to sensitive files being accessed
  • Off by slash vulnerability can allow access to sensitive files
  • Remediation involves using specific paths and ensuring they do not contain sensitive files