Occasionally, we like to highlight interesting or significant security issues that users of NGINX Open Source and NGINX Plus might encounter. Application stacks are complex and it’s very easy to overlook obscure or unexpected ways that common features can be exploited. NGINX and NGINX Plus are a powerful way to both provide access to these features and…
Continue reading ›Mitigating the HTTPoxy Vulnerability with NGINX
On July 18th, a vulnerability named ‘HTTPoxy’ was announced, affecting some server‑side web applications that run in CGI or CGI‑like environments, such as some FastCGI configurations. Languages known to be affected so far include PHP, Python, and Go. A number of CVEs have been assigned, covering specific languages and CGI implementations: Apache HTTP Server (CVE-2016-5387)…
Continue reading ›