- Plesk 12.0 for Linux
- Plesk 12.5 for Linux
- Plesk Onyx for Linux
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module. A specially crafted request can trigger it, resulting in a leak of potentially sensitive information.
For more information, please refer to the following resource:
As stated in the vulnerability description, the issue can be fixed by upgrading to nginx 1.13.3 or at least 1.12.1. However, it is not possible to upgrade the nginx package on a Plesk server because Plesk uses its own sw-nginx build.
The issue has been submitted as bug #PPPM-6714 and will be fixed in future Plesk releases.
As a workaround, perform the following:
Connect to the server using SSH.
Create an additional configuration file for nginx and add
# cat /etc/nginx/conf.d/cve.conf
Restart the nginx service to apply the changes:
# service nginx restart
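
To confirm whether the nginx binary on a server reports a version inside the affected range given above (0.5.6 through 1.13.2, fixed in 1.13.3 and 1.12.1), a version check like the following can be run. This is an added example, not part of the original article or of Plesk tooling; the function names are hypothetical and it assumes the `nginx` binary is in `PATH`.

```shell
#!/bin/sh
# Added example: classify an nginx version against the ranges stated in this article.

# Turn "1.13.2" into a comparable integer (1013002); missing fields count as 0.
ver_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Print "vulnerable", "fixed", "not-affected" or "unknown" for a version string.
range_filter_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    v=$(ver_num "$1")
    if [ "$v" -lt "$(ver_num 0.5.6)" ]; then
        echo not-affected          # older than the first affected release
    elif [ "$v" -lt "$(ver_num 1.12.1)" ]; then
        echo vulnerable
    elif [ "$v" -lt "$(ver_num 1.13.0)" ]; then
        echo fixed                 # 1.12.1 and later 1.12.x releases
    elif [ "$v" -le "$(ver_num 1.13.2)" ]; then
        echo vulnerable
    else
        echo fixed                 # 1.13.3 and later
    fi
}

# Extract the version from `nginx -v` style output ("nginx version: nginx/1.11.10").
parse_nginx_version() {
    printf '%s\n' "$1" | sed -n 's|.*nginx/\([0-9][0-9.]*\).*|\1|p'
}

# On a server with nginx in PATH, report the status of the installed binary.
# `nginx -v` writes its banner to stderr, hence the 2>&1.
if command -v nginx >/dev/null 2>&1; then
    banner=$(nginx -v 2>&1)
    ver=$(parse_nginx_version "$banner")
    echo "nginx ${ver:-?}: $(range_filter_status "$ver")"
fi
```

The result reflects only the version the binary reports; it does not show whether the configuration workaround is in place or whether a vendor build carries a backported fix.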