Post Production Vulnerabilities Remediation Nginx Outdated Version Detected #ACN-2019-15261

[hy347mc]

Risk Factor: High nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Multiple Vulnerabilities Synopsis The remote web server is affected by multiple vulnerabilities.

Description
According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues :

• An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage.
  (CVE-2016-16843)
• An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive CPU usage.
  (CVE-2016-16844)
• An unspecified error exists related to the module 'ngx_http_mp4_module' that allows worker process crashes or memory disclosure. (CVE-2016-16845) ·        

Solution ·        
Upgrade to nginx 1.14.1 / 1.15.6 or later. ·           ·        

See Also Links: nginx.org  nginx.org 
nginx.org 

URL : http://energydata.info/   Installed version : 1.13.9   Fixed version     : 1.14.1

[ss-bhat]

Updated nginx.

bash-5.0# nginx -v
nginx version: nginx/1.17.3