nginx Security Issues Expose More than 14 Million Servers to DoS Attacks

The vulnerabilities reside in the HTTP/2 and MP4 modules


November 7th, 2018,  By Sergiu Gatlan 


New versions of the nginx web server have been released on November 6 to patch multiple security issues affecting versions before 1.15.6, 1.14.1 and allowing potential attackers to trigger a denial-of-service (DoS) state and to access to potentially sensitive info.


According to its project website, nginx is an open source “HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server” released under the 2-clause BSD-like license.


Furthermore, “According to Netcraft, nginx served or proxied 25.28% busiest sites in October 2018. Here are some of the success stories: Dropbox, Netflix,, FastMail.FM” (emphasis ours.)


“Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844),” as detailed in nginx’s advisory.


Full Article.

Take a look at the best antivirus, anti-malware, anti-spy, etc. software