PCI scan is failing on nginx due to CVE-2013-4547

Created: 2016-11-16 13:04:35 UTC

Modified: 2017-08-16 16:26:25 UTC


Applicable to:

  • Plesk 11.x for Linux

Symptoms

The PCI compliance scan fails on nginx because of CVE-2013-4547, which affects nginx versions 0.8.41 - 1.5.6 (fixed in nginx 1.5.7 and 1.4.4).

Cause

Plesk 11.0.9 and 11.5.30 ship with potentially vulnerable nginx versions (1.3 and 1.5 respectively), although the default nginx configuration is not affected. However, if you have customized the nginx configuration, it is recommended to apply the workaround described in http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html .

Resolution

The fix, tracked as PPPM-1692, will be provided in one of the future updates. As a temporary workaround, the following configuration can be used in each server{} block:

if ($request_uri ~ " ") {
    return 444;
}

Another possible solution is to upgrade Plesk to the latest version, 12.0.18, which ships with nginx 1.6.
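
To check whether the nginx build on a server falls in the version range quoted under Symptoms, the following shell script compares the `nginx -v` banner against that range. It is an added example, not part of the original article or of Plesk, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: is this nginx version in the range the article lists
# for CVE-2013-4547 (0.8.41 - 1.5.6, fixed in 1.5.7 and 1.4.4)?
# Function names are hypothetical, chosen for this example.

# Turn "MAJOR.MINOR.PATCH" into one comparable integer.
ver_num() {
    # Drop any suffix after the numeric part ("1.5.6-1" -> "1.5.6").
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Exit status 0 if the version is in the affected range, 1 otherwise.
nginx_affected() {
    n=$(ver_num "$1")
    [ "$n" -ge "$(ver_num 0.8.41)" ] || return 1  # before the first affected release
    [ "$n" -le "$(ver_num 1.5.6)" ] || return 1   # 1.5.7 and later are fixed
    # The 1.4 branch is fixed from 1.4.4 onwards.
    if [ "$n" -ge "$(ver_num 1.4.4)" ] && [ "$n" -lt "$(ver_num 1.5.0)" ]; then
        return 1
    fi
    return 0
}

# Pull the version out of a banner such as "nginx version: nginx/1.5.6".
parse_banner() {
    printf '%s\n' "$1" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p'
}

# Report on the local binary if one is installed (nginx -v writes to stderr).
if command -v nginx >/dev/null 2>&1; then
    ver=$(parse_banner "$(nginx -v 2>&1)")
    if nginx_affected "$ver"; then
        echo "nginx $ver: in the affected range; apply the workaround or upgrade"
    else
        echo "nginx $ver: outside the affected range"
    fi
fi
```

A version comparison cannot see a fix that a package maintainer backported without changing the version string, so confirm an "affected" result against the package changelog.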
