Security
Conditions for Nginx H2C smuggling identified. H2C smuggling allows upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections, which can allow a bypass of reverse proxy access controls and lead to long-lived, unrestricted HTTP traffic directly to back-end servers. To mitigate:
- WebSocket support required: allow only the value websocket for HTTP/1.1 Upgrade headers (e.g., Upgrade: websocket).
- WebSocket support not required: do not forward Upgrade headers.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design
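Both mitigations side by side, as an added nginx example that is not part of the CodeAnt rule text. The upstream address, hostname and paths are constructed placeholders; the two `map` blocks belong in the `http` context.

```nginx
# Added example, not CodeAnt's own configuration. Upstream address, hostname
# and paths are constructed placeholders.
upstream backend {
    server 127.0.0.1:8080;
}

# Pass through only a WebSocket upgrade. Any other Upgrade value (h2c included)
# maps to an empty string, and nginx does not forward a header whose value is empty.
map $http_upgrade $allowed_upgrade {
    default   "";
    websocket "websocket";
}

map $allowed_upgrade $connection_header {
    default   "";
    websocket "upgrade";
}

server {
    listen 80;
    server_name app.example.test;

    # Flagged: forwards whatever Upgrade value the client sent.
    # location /ws/ {
    #     proxy_pass http://backend;
    #     proxy_http_version 1.1;
    #     proxy_set_header Upgrade $http_upgrade;
    #     proxy_set_header Connection "upgrade";
    # }

    # WebSocket support required: only the value "websocket" reaches the backend.
    location /ws/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $allowed_upgrade;
        proxy_set_header Connection $connection_header;
    }

    # WebSocket support not required: the Upgrade header is not forwarded at all.
    location / {
        proxy_pass http://backend;
        proxy_set_header Upgrade "";
    }
}
```

The `map` approach keeps the allow list in one place; a location that needs WebSockets references `$allowed_upgrade`, every other proxied location clears the header. Check the result with `nginx -t` and by confirming on the backend that no Upgrade header arrives on plain requests.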
The ‘$http_host’ and ‘$host’ variables may contain a malicious value from the attacker-controlled ‘Host’ request header. Use an explicitly configured host value or an allow list for validation.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-290: Authentication Bypass by Spoofing
OWASP:
- A07:2021 - Identification and Authentication Failures
Detected an insecure redirect in this nginx configuration. If no scheme is specified, nginx issues the redirect using the incoming request's scheme. This could result in unencrypted communications. To fix this, include the ‘https’ scheme.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
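The host-header rule and the insecure-redirect rule are addressed together in this added nginx example, which is not part of the CodeAnt rule text. The hostname, upstream address and certificate paths are constructed placeholders.

```nginx
# Added example, not CodeAnt's own configuration. Hostname, upstream address
# and certificate paths are constructed placeholders.
upstream backend {
    server 127.0.0.1:8080;
}

# Catch-all: a request whose Host header matches no configured server_name is
# dropped instead of being served by whichever server block comes first.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name app.example.test;

    # Flagged: $host is taken from the client's Host header, and with no scheme
    # the redirect keeps the incoming (plaintext) scheme.
    # return 301 $host$request_uri;

    # Fixed: explicit https scheme and an explicitly configured host value.
    return 301 https://app.example.test$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.test;
    ssl_certificate     /etc/nginx/tls/app.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.key;   # placeholder path

    location / {
        proxy_pass http://backend;
        # Flagged: proxy_set_header Host $http_host;
        # Fixed: the backend only ever sees a fixed, known host.
        proxy_set_header Host app.example.test;
    }
}
```

`server_name` plus a `default_server` that returns 444 acts as the allow list the rule asks for: only the listed names reach the application blocks, and the host forwarded upstream is a literal rather than request-derived.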
The alias in this location block is subject to a path traversal because the location path does not end in a path separator (e.g., ‘/’). To fix, add a path separator to the end of the location path.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
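The flagged form and the fixed form, as an added nginx example that is not part of the CodeAnt rule text. Hostname and filesystem paths are constructed placeholders.

```nginx
# Added example, not CodeAnt's own configuration. Hostname and paths are
# constructed placeholders.
server {
    listen 80;
    server_name static.example.test;

    # Flagged: the location prefix has no trailing slash, so it also matches
    # request paths such as /img../, and alias then resolves above /var/www/images/.
    # location /img {
    #     alias /var/www/images/;
    # }

    # Fixed: prefix and alias both end in a separator. /img/logo.png maps to
    # /var/www/images/logo.png and /img../ no longer matches this location.
    location /img/ {
        alias /var/www/images/;
    }
}
```

When the location and alias prefixes both end in `/`, nginx substitutes the matched prefix cleanly; a quick check after the change is that a request to `/img../` now falls through to the default location instead of this block.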
This location block contains a ‘proxy_pass’ directive but does not contain the ‘internal’ directive. The ‘internal’ directive restricts access to this location to internal requests. Without ‘internal’, an attacker could use your server for server-side request forgeries (SSRF). Include the ‘internal’ directive in this block to limit exposure.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-16: CWE CATEGORY: Configuration
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration
The ‘$VARIABLE’ path parameter captured by this location is added as a header in the response. This could allow an attacker to inject a newline and add a new header into the response, known as HTTP response splitting. To fix, do not allow whitespace in the path parameter, e.g. capture it with ‘[^\s]+’.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’)
OWASP:
- A03:2021 - Injection
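The rule's recommended fix applied to a download location, as an added nginx example that is not part of the CodeAnt rule text. Hostname and the `/srv/files` path are constructed placeholders.

```nginx
# Added example, not CodeAnt's own configuration. Hostname and paths are
# constructed placeholders.
server {
    listen 80;
    server_name files.example.test;

    # Flagged: ".+" also matches whitespace, so a line break present in the
    # decoded request path is copied into the Content-Disposition header value.
    # location ~ "^/download/(?<filename>.+)$" {
    #     alias /srv/files/$filename;
    #     add_header Content-Disposition "attachment; filename=$filename";
    # }

    # Fixed: the capture excludes whitespace (and path separators), as the rule
    # recommends, so nothing from the path can start a new header line.
    location ~ "^/download/(?<filename>[^\s/]+)$" {
        alias /srv/files/$filename;
        add_header Content-Disposition "attachment; filename=\"$filename\"";
    }
}
```

Quoting the regular expression keeps `\s` intact through nginx's configuration parser; excluding `/` as well keeps the captured name from naming a subdirectory of the aliased path.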
The protocol scheme for this proxy is dynamically determined. This can be dangerous if the scheme can be injected by an attacker because it may forcibly alter the connection scheme. Consider hardcoding a scheme for this proxy.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-16: CWE CATEGORY: Configuration
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration
The host for this proxy URL is dynamically determined. This can be dangerous if the host can be injected by an attacker because it may forcibly alter the destination of the proxy. Consider hardcoding acceptable destinations and retrieving them with ‘map’ or something similar.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-441: Unintended Proxy or Intermediary (‘Confused Deputy’)
OWASP:
- A01:2021 - Broken Access Control
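One configuration that addresses the missing-‘internal’ rule, the dynamic-scheme rule and the dynamic-host rule together, as an added nginx example that is not part of the CodeAnt rule text. The upstream names, addresses, hostname and the `/proxy/` path layout are constructed placeholders.

```nginx
# Added example, not CodeAnt's own configuration. Upstream names, addresses,
# hostname and the /proxy/ path layout are constructed placeholders.
upstream app_backend     { server 10.0.0.5:8080; }
upstream api_backend     { server 10.0.0.10:8080; }
upstream reports_backend { server 10.0.0.11:8080; }

# Allow list of destinations keyed by the first path segment; anything else maps
# to an empty string. Scheme and host are fixed here, never taken from the request.
map $upstream_key $upstream_url {
    default  "";
    api      "http://api_backend";
    reports  "http://reports_backend";
}

server {
    listen 80;
    server_name app.example.test;

    # Flagged by all three rules: scheme and host come from the request, and the
    # location is reachable by any client.
    # location ~ "^/proxy/(?<target_scheme>https?)/(?<target_host>[^/]+)/(?<rest>.*)$" {
    #     proxy_pass $target_scheme://$target_host/$rest;
    # }

    # Fixed: only mapped destinations are used, unknown keys get 404, and the
    # location is internal, i.e. reachable only through X-Accel-Redirect,
    # error_page, try_files or rewrite from another location, never directly.
    location ~ "^/proxy/(?<upstream_key>[a-z]+)/(?<rest>.*)$" {
        internal;
        if ($upstream_url = "") {
            return 404;
        }
        proxy_pass $upstream_url/$rest;
    }

    # The application decides what to fetch and answers with a header such as
    # X-Accel-Redirect: /proxy/api/<path>, which nginx turns into an internal
    # request to the block above.
    location / {
        proxy_pass http://app_backend;
    }
}
```

Because the `map` values name upstream groups, nginx resolves them at configuration time and no `resolver` directive is needed even though `proxy_pass` takes a variable. A direct client request to `/proxy/api/...` receives 404 from the `internal` check before the map is consulted.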
This server configuration is missing the ‘ssl_protocols’ directive. By default, this server will use ‘ssl_protocols TLSv1 TLSv1.1 TLSv1.2’, and versions older than TLSv1.2 are known to be broken. Explicitly specify ‘ssl_protocols TLSv1.2 TLSv1.3’ to use secure TLS versions.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
The ‘add_header’ directive is called in a ‘location’ block after headers have been set at the server block. Any ‘add_header’ in the location block replaces all ‘add_header’ directives inherited from the server block, regardless of which headers they set. To fix this, explicitly set all headers in the location block, or set all headers in the server block only.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-16: CWE CATEGORY: Configuration
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration
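The inheritance behaviour and the fix, as an added nginx example that is not part of the CodeAnt rule text. Hostname and upstream address are constructed placeholders.

```nginx
# Added example, not CodeAnt's own configuration. Hostname and upstream
# address are constructed placeholders.
upstream backend {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name app.example.test;

    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;

    # Flagged: this single add_header drops both headers above for /api/ responses,
    # because add_header is inherited only when the location defines none itself.
    # location /api/ {
    #     add_header Cache-Control "no-store";
    #     proxy_pass http://backend;
    # }

    # Fixed: restate every header the location must carry.
    location /api/ {
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options DENY always;
        add_header Cache-Control "no-store";
        proxy_pass http://backend;
    }

    location / {
        proxy_pass http://backend;
    }
}
```

Keeping the shared headers in a snippet file and pulling it in with `include` in each location that adds its own headers avoids the drift between blocks that this rule catches.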
Detected use of an insecure SSL version. Secure SSL versions are TLSv1.2 and TLSv1.3; older versions are known to be broken and are susceptible to attacks. Prefer use of TLSv1.2 or later.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
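The missing-‘ssl_protocols’ rule and the insecure-version rule share one fix, shown here as an added nginx example that is not part of the CodeAnt rule text. Hostname and certificate paths are constructed placeholders.

```nginx
# Added example, not CodeAnt's own configuration. Hostname and certificate
# paths are constructed placeholders.
server {
    listen 443 ssl;
    server_name app.example.test;
    ssl_certificate     /etc/nginx/tls/app.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.key;   # placeholder path

    # Flagged by the first rule: no ssl_protocols at all, so the default the
    # rule describes (TLSv1 TLSv1.1 TLSv1.2) applies.
    #
    # Flagged by the second rule: broken versions listed explicitly.
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Fixed: only TLSv1.2 and TLSv1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    location / {
        return 200 "ok\n";
    }
}
```

After reloading, an attempt to negotiate TLSv1.1 against the server should fail at the handshake; that is the quickest confirmation that the directive took effect for this server block.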