Open Source Packages nginx Vulnerabilities in RSA Web Threat Detection
Originally Published: 2016-05-24
Article Number
Applies To
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1 --> 6.0
Issue
A customer may detect vulnerabilities in version 5.1.x.
The scan may suggest versions certified for RSA WTD 5.1.2.10.

RSA WTD version 5.x uses      Required version
Nginx 1.0.15-12               1.8.1
nginx is an HTTP server, reverse proxy, and mail proxy server. nginx is prone to the following security vulnerabilities:
- nginx is prone to a denial-of-service vulnerability. Specifically, this issue occurs because of an invalid pointer dereference in the resolver. [CVE-2016-0742]
- nginx is prone to a denial-of-service vulnerability because of a use-after-free in the resolver during CNAME response processing. [CVE-2016-0746]
- nginx is prone to a denial-of-service vulnerability. Specifically, this issue occurs because of insufficient limits on CNAME resolution in the resolver. [CVE-2016-0747]
Attackers can exploit these issues to cause denial-of-service conditions.
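As an added defender-side check that is not part of the RSA article, the script below applies the condition from the nginx advisory for these three CVEs: nginx 0.6.18 through 1.9.9 is affected only when the `resolver` directive is present in the configuration, with fixes in 1.9.10 and in stable 1.8.1. The version banner and configuration text are constructed samples, and the function names are assumptions.

```python
import re

# Affected range per the nginx advisory for CVE-2016-0742/0746/0747:
# 0.6.18 .. 1.9.9, fixed in mainline 1.9.10 and in stable 1.8.1.
AFFECTED_FROM = (0, 6, 18)
FIXED_MAINLINE = (1, 9, 10)
FIXED_STABLE = (1, 8, 1)

def parse_version(banner):
    """Extract (major, minor, patch) from 'nginx version: nginx/1.0.15' or a
    package string such as '1.0.15-12'; the distro release suffix is ignored,
    so a package that backports the fix can still be flagged (check changelog)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version found in: %r" % banner)
    return tuple(int(x) for x in m.groups())

def version_affected(ver):
    """True if the upstream version falls inside the affected range."""
    if ver < AFFECTED_FROM or ver >= FIXED_MAINLINE:
        return False
    # the 1.8 stable branch received the fix in 1.8.1
    if ver[:2] == (1, 8) and ver >= FIXED_STABLE:
        return False
    return True

def uses_resolver(config_text):
    """True if any non-comment part of the config declares a 'resolver'
    directive (resolver_timeout and similar names do not count)."""
    for line in config_text.splitlines():
        code = line.split("#", 1)[0]
        if re.search(r"(^|[\s;{])resolver\s", code):
            return True
    return False

def assess(banner, config_text):
    """'vulnerable' = affected version and resolver in use;
    'not-exposed' = affected version but no resolver directive; else 'fixed'."""
    if not version_affected(parse_version(banner)):
        return "fixed"
    return "vulnerable" if uses_resolver(config_text) else "not-exposed"

if __name__ == "__main__":
    # constructed sample: WTD 5.x package version and a minimal proxy config
    sample_banner = "nginx version: nginx/1.0.15"
    sample_conf = "http {\n    resolver 127.0.0.1 valid=30s;\n    server { listen 443 ssl; }\n}\n"
    print(assess(sample_banner, sample_conf))
```

A version string alone cannot tell whether a distribution package has backported the fix, so treat "vulnerable" as a prompt to check the package changelog, not as a final verdict.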
Resolution
Based on this analysis, the Web Threat Detection core team determined that the nginx server needs to be replaced with version 1.9.10 or the latest stable release.
The next WTD version, which has a planned release for the end of October 2016, will contain the newer nginx release and the vulnerabilities will be resolved.
Notes
- We want to stress that WTD is not customer facing.
- WTD is not deployed on the DMZ or any other areas accessible from outside, i.e. no traffic to/from WTD leaves a safe perimeter.
- In practice it is accessed by a few security/threat analysts and the system administrator.
- The risk that a malicious user will attack WTD and crash the system is rather low.
- NGINX provides no patches for these issues, but recommends upgrading to version 1.9.10.
- From our point of view, the current situation is not dangerous enough to require immediate action.
- Upgrading to a new nginx version is not appropriate for current WTD 6.0 implementations, as it requires changes in the installation and deployment processes. This may cause unknown side effects.