web analytics

nginx Security Issues Expose More than 14 Million Servers to DoS Attacks

The vulnerabilities reside in the HTTP/2 and MP4 modules

 

November 7th, 2018,  By Sergiu Gatlan 

 

New versions of the nginx web server have been released on November 6 to patch multiple security issues affecting versions before 1.15.6, 1.14.1 and allowing potential attackers to trigger a denial-of-service (DoS) state and to access to potentially sensitive info.

 

According to its project website, nginx is an open source “HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server” released under the 2-clause BSD-like license.

 

Furthermore, “According to Netcraft, nginx served or proxied 25.28% busiest sites in October 2018. Here are some of the success stories: Dropbox, Netflix, WordPress.com, FastMail.FM” (emphasis ours.)

 

“Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844),” as detailed in nginx’s advisory.

 

Full Article.






Take a look at the best antivirus, anti-malware, anti-spy, etc. software