Out-of-bounds read causing DoS Attack – CVE-ID: CVE-2022-41741, CVE-2022-41742 A remote attacker might exploit this nginx vulnerability to access potentially sensitive data or launch a denial-of-service attack. The ngx_http_mp4_module module’s boundary condition while processing MP4 files is the cause of the vulnerability. A remote attacker has the ability to launch a denial of service attack, send the […]
A zero-day vulnerability in NGINX’s LDAP Reference Implementation has been fixed by the maintainers of the NGINX web server project. The security update was released in response to this vulnerability. The app users who are proxied by the NGINX web server, the NGINX LDAP reference implementation utilizes the Lightweight Directory Access Protocol (LDAP) to authenticate. […]
E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. “This novel code injects itself into a host Nginx application and is nearly invisible,” Sansec Threat Research team said […]
Nginx security teams published a report related to a critical vulnerability in their DNS resolution implementation. Tracked as CVE-2021-23017, successful exploitation of this vulnerability would allow threat actors to take full control of affected systems. The flaw does not yet receive a score in the Common Vulnerability Scoring System (CVSS). The risk increases because the […]
A new recently patched remote code execution bug in PHP7 lets hackers hijack the websites running on some NGINX and php-fpm configurations. The vulnerability can be tracked as CVE-2019-11043. The vulnerability resides in env_path_info in the file fpm_main.c of the FPM component. The FPM is the php-fpm module used for performance enhancement. The manipulation of […]
If you use a PHP-based website on an NGINX server and you have PHP-FPM turned on for better performance, watch out for a newly discovered vulnerability that could allow unauthorized users to hack your website’s server remotely. The vulnerability discovered as CVE-2019-11043 concerns websites with certain PHP-FPM configurations, which are reported to be not unusual […]
If you’re running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the […]
One of the most important software companies NGINX, which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks, in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you […]
2 Ton Digital – a company which provides products, services and support for any company or individual that is interested in security, network performance, website speed and hardware efficiency – is claiming that they have made a web server called rwasa which is faster than nginx and lighttpd. rwasa is build using 2 Ton Digital’s HeavyThing […]
Some 400 web servers found infected with Linux/Cdorked.A. including 50 in Alexa’s top 100,000 websites. And this backdoor has been applied to Lighttpd and nginx binaries in addition to Apache.