Without going through the way nginx parses an incoming request, I'm unsure
if nginx isn't vulnerable to this, because of the availability to grab the
value of a GET parameter via
http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. My hope is that
especially if an $arg_PARAMETER isn't used in the config, it is not
vulnerable because it wouldn't even attempt to parse the parameters, but I
can't be sure.