Security firm Imperva found four potential security vulnerabilities in HTTP/2, and one affects older versions of NGINX. Here are mitigation suggestions.
Use NGINX/NGINX Plus to prevent the HTTPoxy vulnerability, which attacks CGI and FastCGI-like application interfaces, from being exploited on your servers.
Learn how to protect NGINX and NGINX Plus from the recent NGINX POODLE attack (CVE-2014-3566) against SSLv3
Get details about NGINX and the CVE-2014-6271 Bash advisory. Find out if you are running on an affected host system, and upgrade bash if necessary