Описание
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.28.1-3ubuntu1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | needed | |
| esm-infra/focal | needed | |
| esm-infra/xenial | needed | |
| jammy | released | 1.18.0-6ubuntu14.8 |
| noble | released | 1.24.0-2ubuntu7.6 |
| questing | released | 1.28.0-6ubuntu1.1 |
| upstream | released | 1.28.1-3 |
Показывать по
5.9 Medium
CVSS3
Связанные уязвимости
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to ...
5.9 Medium
CVSS3