Top 3 Most Critical Nginx Vulnerabilities Found

Updated on: May 4, 2020


Claiming to run 60 percent of the world’s busiest websites, NGINX is often exalted as “the secret heart of the modern web”. More than half of the Internet’s busiest websites, including Airbnb, Box, Instagram, Netflix, Pinterest, SoundCloud, and Zappos, rely on NGINX. Web servers are a prime target for cyber criminals, who constantly look for the slightest flaw they can exploit to steal sensitive information. NGINX has been no exception: it has faced cyber attacks and had vulnerabilities exposed time and again. Nevertheless, NGINX has enforced strong security measures, hence its mounting popularity.

Listed below are the top 3 most critical Nginx vulnerabilities found to date:

1. Nginx SPDY heap buffer overflow

The SPDY implementation in nginx 1.3.15 and 1.5.x before 1.5.12 is vulnerable to a heap-based buffer overflow. This typically allows an attacker to execute arbitrary code through a crafted request. The issue affects nginx compiled with the ngx_http_spdy_module module (which is not compiled by default) and without the --with-debug configure option, if the “spdy” option of the “listen” directive is used in a configuration file.


By exploiting this, an attacker can execute arbitrary code by sending a specially crafted request that causes a heap memory buffer overflow. This would gravely affect the web server.

The recommended fix for this vulnerability is to upgrade nginx to the latest version and to apply any necessary patches provided by the vendor.
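To decide whether a given server needs this upgrade urgently, the conditions above can be checked mechanically. The following is an added example, not code from nginx or from this article: it reads saved `nginx -V 2>&1` output and a configuration file, uses the version range as stated above, and assumes `--with-http_spdy_module` is the configure flag that builds ngx_http_spdy_module. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# spdy_exposed BUILD_INFO CONF
#   BUILD_INFO  file holding saved `nginx -V 2>&1` output
#   CONF        nginx configuration file to inspect
# Returns 0 if every condition listed in the text holds, 1 otherwise.
spdy_exposed() {
    build=$1 conf=$2
    ver=$(sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p' "$build")
    case $ver in
        1.3.15) ;;                                   # affected release
        1.5.*)  [ "${ver#1.5.}" -lt 12 ] 2>/dev/null || return 1 ;;
        *)      return 1 ;;                          # outside the stated range
    esac
    # The SPDY module must be compiled in (it is not by default).
    grep -q -- '--with-http_spdy_module' "$build" || return 1
    # Builds configured with --with-debug are not affected.
    if grep -q -- '--with-debug' "$build"; then return 1; fi
    # A non-commented listen directive must carry the "spdy" option.
    grep -Eq '^[[:space:]]*listen[[:space:]][^#;]*[[:space:]]spdy[[:space:];]' "$conf"
}

# write_sample DIR VERSION FLAGS LISTEN_ARGS
# Writes constructed sample input (hypothetical helper for this example).
write_sample() {
    printf 'nginx version: nginx/%s\nconfigure arguments: %s\n' "$2" "$3" > "$1/build.txt"
    printf 'server {\n    listen %s;\n}\n' "$4" > "$1/nginx.conf"
}

tmp=$(mktemp -d)
write_sample "$tmp" 1.5.10 '--with-http_ssl_module --with-http_spdy_module' '443 ssl spdy'
if spdy_exposed "$tmp/build.txt" "$tmp/nginx.conf"; then
    echo "exposed: upgrade nginx"
else
    echo "not exposed by these conditions"
fi
rm -rf "$tmp"
```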


2. Nginx Root Privilege Escalation Vulnerability

The Nginx Root Privilege Escalation Vulnerability has been deemed high severity. The CVE-2016-1247 nginx vulnerability can lead to the creation of log directories with insecure permissions. These, in turn, can be exploited by malicious local attackers to escalate their privileges from the nginx/web user (www-data) to root, thus compromising any web application hosted on the Nginx server. The root privilege escalation vulnerability affects nginx web server packages on Debian-based distributions such as Debian or Ubuntu.

This vulnerability stems from how the package sets up logging: when Nginx is installed from the default repositories on Debian-based systems (Debian, Ubuntu, etc.), it creates the nginx log directory at the following location and with the following permissions:

root@xenial:~# ls -ld /var/log/nginx/
drwxr-x--- 2 www-data adm 4096 Nov 12 22:32 /var/log/nginx/
root@xenial:~# ls -ld /var/log/nginx/*
-rw-r----- 1 www-data adm 0 Nov 12 22:31 /var/log/nginx/access.log
-rw-r--r-- 1 root root 0 Nov 12 22:47 /var/log/nginx/error.log

Since the /var/log/nginx directory is owned by www-data, attackers who have gained access to the system can replace the log files with a symlink to an arbitrary file. When nginx is restarted, the logs are written to the file the symlink points to, which allows the attackers to escalate privileges to root.

The vulnerability was fixed in Nginx 1.6.2-5+deb8u3 package on Debian and Nginx 1.10.0-0ubuntu0.16.04.3 on Ubuntu (16.04 LTS).
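The two conditions described above, a log directory owned by the web user and a log file that is a symlink, can be audited directly. The following is an added example, not part of the Debian or Ubuntu fix and not from the original article; the function name `audit_nginx_logdir` and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# audit_nginx_logdir DIR SERVICE_USER
#   DIR           log directory (the listing above shows /var/log/nginx)
#   SERVICE_USER  unprivileged web account (the listing above shows www-data)
# Prints one finding per line. Returns 1 if anything was flagged, else 0.
audit_nginx_logdir() {
    dir=$1 svc=$2 found=0
    # The third field of `ls -ld` is the owner, as in the listing above.
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" = "$svc" ]; then
        echo "DIR_OWNED_BY_SERVICE_USER $dir ($owner)"
        found=1
    fi
    for f in "$dir"/*; do
        # -L is true for dangling symlinks too, which -e would miss.
        if [ -L "$f" ]; then
            echo "SYMLINK $f -> $(readlink "$f")"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: a temporary directory stands in for the log directory.
demo=$(mktemp -d)
: > "$demo/access.log"
ln -s "$demo/elsewhere" "$demo/error.log"
audit_nginx_logdir "$demo" "$(ls -ld "$demo" | awk '{print $3}')" \
    || echo "review the findings above"
rm -rf "$demo"
```

On a real host the call would be `audit_nginx_logdir /var/log/nginx www-data`, run as a user that can read the directory.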

3. Remote Integer Overflow Vulnerability

The Nginx Remote Integer Overflow Vulnerability, CVE-2017-7529, is a Boundary Condition Error type vulnerability. It stems from nginx’s failure to perform adequate boundary checks on user-supplied data. By exploiting this, attackers can gain access to sensitive information or crash the application, resulting in a denial-of-service condition. Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to the integer overflow.

To mitigate this issue, update to the latest nginx version and check the specific vendor advisory for more information.


Bhagyeshwari Chauhan

An engineering grad and a technical writer, Bhagyeshwari blogs about web security, futuristic tech and space science.
