Description
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
Remediation
References
Related Vulnerabilities
Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-33327)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)
Squid Improper Input Validation Vulnerability (CVE-2021-33620)
Oracle Database Server CVE-2007-2108 Vulnerability (CVE-2007-2108)