Top 3 Most Critical Nginx Vulnerabilities Found
Claiming to run 60 percent of the world’s busiest websites, NGINX is often exalted as “the secret heart of the modern web”. More than half of the Internet’s busiest websites including Airbnb, Box, Instagram, Netflix, Pinterest, SoundCloud, and Zappos rely on NGINX. Often web servers are the center of attraction for cyber criminals and they are constantly looking to exploit the slightest flaw to steal sensitive information. NGINX has been no exception. It has witnessed cyber attacks and exposed vulnerabilities time and again. Nevertheless, NGINX has enforced strong security measures, and thus its mounting popularity.
Enlisted below are the top 3 most critical Nginx Vulnerabilities found to date:
1. Nginx SPDY heap buffer overflow
The SPDY implementation in nginx 1.3.15 and 1.5.x before 1.5.12 became vulnerable to a heap-based buffer overflow. This typically allows an attacker to execute arbitrary code through a crafted request. The issue affects nginx compiled with the ngx_http_spdy_module module (which is not compiled by default) and without –with-debug configure option, if the “spdy” option of the “listen” directive is used in a configuration file.
Exploiting this an attacker can perform arbitrary code execution by specially crafting a request to cause a heap memory buffer overflow. This would gravely affect the Web Server.
The recommended fix for this vulnerability is to upgrade nginx to the latest version. Moreover, apply necessary patches provided by the vendor.
At Astra, we have a team of security experts who helped hundreds of website to get secure from XSS, LFI, RFI, SQL Injection and 80+other security threats. Secure your website now.
2. Nginx Root Privilege Escalation Vulnerability
The Nginx Root Privilege Escalation Vulnerability has been deemed as high severity. The CVE-2016-1247 nginx vulnerability can lead to the creation of log directories with insecure permissions, These, in turn, can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. Thus compromising any web application hosted on the Nginx server. The root privilege escalation vulnerability affects nginx web server packages on Debian based distributions such as Debian or Ubuntu
This vulnerability stems from the following procedure: When Nginx is installed from default repositories on Debian-based systems (Debian, Ubuntu, etc.), it creates the nginx log directory at the following location and with the
~# ls -
drwxr-x--- 2 www-data adm 4096 Nov 12 22:32 /var/log/nginx/
~# ls -
-rw-r----- 1 www-data adm 0 Nov 12 22:31 /var/log/nginx/access.log
-rw-r--r-- 1 root root 0 Nov 12 22:47 /var/log/nginx/error.log
Since the /var/log/nginx directory is owned by www-data, attackers can replace the log files with a symlink to an arbitrary file on gaining access to the system. When restarted, the logs would be written to the file pointed to
by the symlink. Thus allowing the attackers to escalate privileges to root.
The vulnerability was fixed in Nginx 1.6.2-5+deb8u3 package on Debian and Nginx 1.10.0-0ubuntu0.16.04.3 on Ubuntu (16.04 LTS).
3. Remote Integer Overflow Vulnerability
The Nginx Remote Integer Overflow Vulnerability CVE-2017-7529 is a Boundary Condition Error type vulnerability. This vulnerability stems from nginx’s inability to perform adequate boundary checks on user-supplied data. Exploiting this, attackers can gain access to sensitive information or may crash the application resulting in a denial-of-service condition. Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability
To mitigate this issue, update to the latest nginx version and check specific vendor advisory for more information.
Also, check our blog article on Critical Apache Vulnerabilities
Worried about protecting your website from malicious attacks? Contact Astra to secure your business against internet fraud.
Astra Security Suite offers Web Application Firewall (WAF) which stops various common attacks such as XSS, LFI, RFI, SQL Injection and 100+other security threats. Our Malware Scanner is known for its super fast scanning (> 10 minutes for the first scan and >1 minute for following scans) of websites.