PT-2019-8800 · Nginx · Nginx
Published
2019-03-07
·
Updated
2019-03-18
·
CVE-2018-11783
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
nginx versions 6.0.0 through 6.0.3
nginx versions 7.0.0 through 7.1.5
nginx versions 8.0.0 through 8.0.1
Description
The issue arises from the sslheaders plugin, which extracts client certificate information and sets request headers based on its configuration. However, in certain scenarios, the plugin fails to strip these headers from the request.
Recommendations
For versions 6.0.0 through 6.0.3, update to a version outside of this range to resolve the issue.
For versions 7.0.0 through 7.1.5, update to a version outside of this range to resolve the issue.
For versions 8.0.0 through 8.0.1, update to a version outside of this range to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nginx