This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The web server on the remote host is affected by a buffer overflow
The remote web server is running nginx, a lightweight, high
performance web server / reverse proxy and email (IMAP/POP3) proxy.
According to its Server response header, the installed version of
nginx is between 1.0.7 and 1.0.14 or 1.1.3 and 1.1.18 and is,
therefore, affected by a buffer overflow vulnerability.
An error in the module 'ngx_http_mp4_module' can allow a specially
crafted mp4 file to cause a buffer overflow and can potentially allow
arbitrary code execution.
Note that successful exploitation requires that the 'mp4'
configuration option is enabled and the module 'ngx_http_mp4_module'
is enabled. Nessus has not checked for either of these settings.
See also :
Upgrade to version 1.0.15 / 1.1.19 or later.
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 3.8
Public Exploit Available : false