Описание
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | nginx:1.24/nginx | Affected | ||
| Red Hat Enterprise Linux 9 | nginx | Affected | ||
| Red Hat Hardened Images | nginx | Affected | ||
| Red Hat Lightspeed proxy 1 | insights-proxy/insights-proxy-container-rhel9 | Affected | ||
| Red Hat Enterprise Linux 10 | nginx | Fixed | RHSA-2026:4705 | 17.03.2026 |
| Red Hat Enterprise Linux 9 | nginx | Fixed | RHSA-2026:3638 | 03.03.2026 |
| Red Hat Enterprise Linux 9 | nginx | Fixed | RHSA-2026:4235 | 10.03.2026 |
| Red Hat Discovery 2 | discovery/discovery-ui-rhel9 | Fixed | RHSA-2026:4501 | 12.03.2026 |
| Red Hat Update Infrastructure 5 | rhui5/cds-rhel9 | Fixed | RHSA-2026:4943 | 18.03.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to ...
EPSS
5.9 Medium
CVSS3