Description

NGINX Plus is a software load balancer, web server, and content cache built on top of open source NGINX. NGINX Plus has exclusive enterprise grade features beyond what's available in the open source offering, including session persistence, configuration via API, and active health checks.

NGINX+ contains a ngx_http_status_module module that provides access to various status information. Acunetix determined that it was possible to access this interface without authentication.

It's recommended to restrict access to the NGINX+ Status module as it may contain information that could be useful for an attacker.

Remediation

Restrict access to the NGINX+ Status module.

References

Module ngx_http_status_module

Related Vulnerabilities

WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)

WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.14)

SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1892)

WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure