Description

NGINX Plus is a software load balancer, web server, and content cache built on top of open source NGINX. NGINX Plus has exclusive enterprise grade features beyond what's available in the open source offering, including session persistence, configuration via API, and active health checks.

NGINX+ contains a ngx_http_status_module module that provides access to various status information. Acunetix determined that it was possible to access this interface without authentication.

It's recommended to restrict access to the NGINX+ Status module as it may contain information that could be useful for an attacker.

Remediation

Restrict access to the NGINX+ Status module.

References

Module ngx_http_status_module

Related Vulnerabilities

WordPress Plugin SL User Create Information Disclosure (0.2.4)

Ruby on Rails weak/known secret token

WordPress Plugin WordPress Social Stream Information Disclosure (1.6)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.12)

WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure