Highly critical vulnerability fixed in Nginx Web server software

Nginx 1.4.1 and 1.5.0 address remote code execution flaw that could lead to compromised servers

The development team behind the popular Nginx open-source Web server software released security updates on Tuesday to address a highly critical vulnerability that could be exploited by remote attackers to execute arbitrary code on susceptible servers.

Identified as CVE-2013-2028, the vulnerability is a stack-based buffer overflow and was first introduced in the Nginx 1.3.9 development version back in November 2012. The flaw is also present in the 1.4.0 stable version released last month.

The bug, which has been rated as highly critical by vulnerability management firm Secunia, was fixed in the new Nginx 1.4.1 stable version and Nginx 1.5.0 development version. The vulnerability can be exploited by malicious attackers by sending specially crafted HTTP chunks to an exposed Nginx server.

Successful exploitation can lead to arbitrary code execution and system compromise, Secunia said in its advisory.

Nginx is developed with performance and low memory usage in mind and can be used as an HTTP server, as a reverse proxy server and as a load balancer. This makes it appealing to websites that receive a considerable amount of traffic.

Nginx is the third most widely used Web server software on the Internet after Apache and Microsoft IIS with a market share of over 15 percent, according to a recent Web server survey by Internet services firm Netcraft.

The software's growing popularity has, however, also attracted the attention of cybercriminals. On Tuesday, researchers from security vendor ESET reported the discovery of a sophisticated backdoor program designed specifically for Nginx servers. The existence of this malicious program is evidence that cybercriminals are no longer only targeting the most popular software.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitysoftwaresecuniaesetWeb serverspatchesExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?