Description

NGINX Plus is a software load balancer, web server, and content cache built on top of open source NGINX. NGINX Plus has exclusive enterprise-grade features beyond what's available in the open source offering, including session persistence, configuration via API, and active health checks.

NGINX+ includes the ngx_http_status_module module, which provides access to various status information. Acunetix determined that it was possible to access this interface without authentication.

It's recommended to restrict access to the NGINX+ Status module as it may contain information that could be useful for an attacker.

Remediation

Restrict access to the NGINX+ Status module.
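
One way to apply this restriction, shown as an added example rather than configuration taken from the affected server or from NGINX's own documentation. The `/status` location, the listener address and port, the management subnet and the password file path are all assumed placeholders.

```nginx
# Added example. Addresses, port, file path and the /status location are
# assumed placeholders, not values from the scanned host.

# Exposed form (left commented out): the status handler sits on the public
# listener with no access control, so any client can read it.
#
# server {
#     listen 80;
#     location = /status {
#         status;
#     }
# }

# Restricted form: dedicated management listener, source-address allowlist
# and HTTP basic authentication.
server {
    listen 10.0.0.10:8080;        # assumed management interface, not the public one

    location = /status {
        status;                   # ngx_http_status_module handler

        # ngx_http_access_module: permit only the assumed management subnet.
        allow 10.0.0.0/24;
        deny  all;

        # ngx_http_auth_basic_module: require credentials as well.
        auth_basic           "NGINX Plus status";
        auth_basic_user_file /etc/nginx/status.htpasswd;   # assumed path

        # Require both the address check and the credentials to pass
        # (this is the default, stated here explicitly).
        satisfy all;
    }

    # Anything else requested on the management listener is refused.
    location / {
        return 403;
    }
}
```

After reloading, a request to the status location from outside the allowed subnet should return 403, and one from inside it without credentials should return 401.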
