Open Source Packages nginx Vulnerabilities in RSA Web Threat Detection
Originally Published: 2016-05-24
Article Number
Applies To
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1 --> 6.0
Issue
A customer may detect vulnerabilities in version 5.1x.
The scan may suggest versions certified for RSA WTD 5.1.2.10.
| RSA WTD version 5.x uses | Required version |
| --- | --- |
| Nginx 1.0.15-12 | 1.8.1 |
nginx is an HTTP server, reverse proxy, and mail proxy server. nginx is prone to the following security vulnerabilities:
- nginx is prone to a denial-of-service vulnerability. Specifically, this issue occurs because of an invalid pointer dereference in the resolver. [CVE-2016-0742]
- nginx is prone to a denial-of-service vulnerability because of a use-after-free in the resolver during CNAME response processing. [CVE-2016-0746]
- nginx is prone to a denial-of-service vulnerability. Specifically, this issue occurs because of insufficient limits on CNAME resolution in the resolver. [CVE-2016-0747]

Attackers can exploit these issues to cause denial-of-service conditions.
Resolution
From this work, the Web Threat Detection core team determined that the nginx server needs to be replaced with version 1.9.10 or the latest stable release.
The next WTD version, which has a planned release for the end of October 2016, will contain the newer nginx release and the vulnerabilities will be resolved.
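Until that release is installed, a host can be triaged against the fixed versions named above (1.8.1 and 1.9.10). The script below is an added example, not RSA or nginx code: it reads a version banner and the nginx configuration text, and reports whether the build predates the fixes and whether a `resolver` directive is active, since nginx's advisory for these CVEs ties them to configurations that use that directive. The function names, result strings and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an nginx build for CVE-2016-0742/0746/0747.

# Pull "major.minor.patch" out of `nginx -v` output or a package name.
nginx_version_from() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeeds (0) if the version predates the fixes: 1.8.1 on the 1.8 branch,
# 1.9.10 on the 1.9 branch. Conservative: every older release is flagged;
# the lower bound of the affected range is not modelled.
is_affected_version() {
    IFS=. read -r _maj _min _pat <<EOF
$1
EOF
    if [ "$_maj" -lt 1 ]; then return 0; fi
    if [ "$_maj" -gt 1 ]; then return 1; fi
    if [ "$_min" -lt 8 ]; then return 0; fi
    if [ "$_min" -eq 8 ]; then [ "$_pat" -lt 1 ]; return; fi
    if [ "$_min" -eq 9 ]; then [ "$_pat" -lt 10 ]; return; fi
    return 1
}

# Succeeds (0) if the config text has an uncommented "resolver <addr>;".
# "resolver_timeout" alone does not count. Pass the text of nginx.conf plus
# any included files; includes are not followed here.
config_uses_resolver() {
    printf '%s\n' "$1" | sed 's/#.*//' |
        grep -qE '(^|[;{[:space:]])resolver[[:space:]]+[^;]+;'
}

# $1 = version banner, $2 = configuration text. Prints one verdict word.
triage() {
    _ver=$(nginx_version_from "$1")
    if [ -z "$_ver" ]; then echo "unknown"; return; fi
    if ! is_affected_version "$_ver"; then echo "fixed"; return; fi
    if config_uses_resolver "$2"; then echo "affected-resolver-in-use"
    else echo "affected-resolver-not-configured"; fi
}

# Constructed sample inputs (not taken from a real WTD host).
SAMPLE_BANNER='nginx version: nginx/1.0.15'
SAMPLE_CONF='http {
    # resolver 10.0.0.2;
    server { resolver 10.0.0.2 valid=30s; resolver_timeout 5s; }
}'
triage "$SAMPLE_BANNER" "$SAMPLE_CONF"
```

A verdict of `affected-resolver-not-configured` still means the build lacks the fixes; it only indicates that the vulnerable resolver code is not enabled by the configuration text that was supplied.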
Notes
- We want to stress that WTD is not customer facing.
- WTD is not deployed on the DMZ or any other areas accessible from outside, i.e. no traffic to/from WTD leaves a safe perimeter.
- It is actually accessed by a few security/threat analysts and the system admin.
- The risk that a malicious user will attack WTD and crash the system is rather low.
- NGINX provides no patches for these issues, but recommends upgrading to version 1.9.10.
- From our point of view, the current situation is not dangerous enough to require immediate action.
- Upgrading to a new nginx version is not appropriate for current WTD 6.0 implementations, as it requires changes in installation and deployment processes. This may cause unknown side effects.