nginx < 1.0.14 / 1.1.17 HTTP Header Response Memory Disclosure
Medium Nessus Plugin ID 58414
SynopsisThe web server on the remote host is affected by a memory disclosure vulnerability.
DescriptionThe remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email (IMAP/POP3) proxy.
According to its Server response header, the installed version of nginx is earlier than 1.0.14 or is 1.1.x before 1.1.17 and is, therefore, affected by a memory disclosure vulnerability.
An issue related to the parsing of HTTP header responses can allow a remote attacker to obtain the contents of previously freed memory.
SolutionUpgrade to version 1.0.14 / 1.1.17 or later.