Outdated Nginx webservers installed #4

sveeke · 2018-06-18T08:28:04Z

threatLevel="Low"
type="Outdated Software"

The following Nginx webservers are outdated and reveal their version number in the banner:

lti-dev2.edubadges.nl (145.101.112.188) - nginx 1.13.12 (released on 11/04/2018)
badgr-dev2.edubadges.nl (145.101.112.185) - nginx/1.12.2 (released on 18/10/2017)
surf-dev2.edubadges.nl (145.101.112.186) - nginx/1.12.2 (released on 18/10/2017)

Impact:
Although no security issues were found it is best practice to use the latest stable version. Also hiding the version number in the banner would make it more time consuming for an attacker to determine if a vulnerable version is installed or not.

Recommendation:
Upgrade to the latest version.
Have a good update policy implemented.
Hide the servername and especially version number in the banner.

The text was updated successfully, but these errors were encountered:

sveeke · 2018-06-18T08:30:37Z

The problem here is that we don't have a good update mechanism in place. We should think this through very carefully before we decide on a good way to maintain our software on our servers.

sveeke added the risk-low Security issues with a low impact label Jun 18, 2018

sveeke added this to the Pilot 2018 milestone Jun 18, 2018

sveeke added the bug-outdated label Jun 18, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Outdated Nginx webservers installed #4

Outdated Nginx webservers installed #4

sveeke commented Jun 18, 2018

sveeke commented Jun 18, 2018

Outdated Nginx webservers installed #4

Outdated Nginx webservers installed #4

Comments

sveeke commented Jun 18, 2018

sveeke commented Jun 18, 2018