GSD-2022-1000285

Source
https://data.gsd.id/GSD-2022-1000285
Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000285.json
JSON Data
https://api.osv.dev/v1/vulns/GSD-2022-1000285
Withdrawn
2023-03-14T07:01:09.290007Z
Published
2022-02-23T19:01:53.222611Z
Modified
2023-03-14T07:01:09.290007Z
Summary
Unsafe default configuration values in Nginx, all versions
Details

INFORMATIONAL

In Nginx, all versions, a number of unsafe default configuration values exist in the web server that can be attacked via the network, resulting in disclosure of information and impact on availability. These include but are not limited to:

  1. Not enough file descriptors per worker
  2. The error_log off directive
  3. Not enabling keepalive connections to upstream servers
  4. Forgetting how directive inheritance works
  5. The proxy_buffering off directive
  6. Improper use of the if directive
  7. Excessive health checks
  8. Unsecured access to metrics
  9. Using ip_hash when all traffic comes from the same /24 CIDR block
  10. Not taking advantage of upstream groups
References

Affected packages