Severe Nginx flaws expose websites around the world to dangerous cyberattacks

Cybersecurity specialists have reported finding several incorrect middleware configurations in Nginx that could expose affected web applications to severe cyberattacks. Nginx is a modular, lightweight, open source web server, which has made it one of the most popular web solutions worldwide.

The report, prepared by security firm Detectify, says the problem lies in Nginx’s versatility, which is considered its main attribute and has helped it run on one in three websites worldwide: “At the end of 2020, we analyzed nearly 50,000 configuration files for Nginx downloaded from GitHub with Google BigQuery, finding a set of possibly incorrect settings that could allow the launch of various attacks,” the experts say.

Errors detected in this analysis include a missing root location, unsafe variable usage, and raw backend response reading.

Frans Rosen, a researcher at Detectify, says that many of these misconfigurations are widely used in the wild: “Many organizations are currently turning to the implementation of reward programs for independent researchers to update their security systems, which certainly identified some of the flaws and developed proof of concept to demonstrate a potential exploitation scenario.”

The researchers also note that more and more hosts have been found proxying static content to Google Cloud Storage and Amazon Web Services deployments from locations such as /media/, /images/, /sitemap/ and similar paths that are defined with weak regular expressions, which allows HTTP splitting.
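As an added illustration (not code from Detectify or from the original article), the Python sketch below audits a configuration for two of the patterns named here: regex locations whose capture groups can carry a decoded line break into a directive, and use of Nginx's decoded $uri variables. The sample configuration, its host names and the heuristic for what counts as a weak expression are assumptions made for this example.

```python
import re

# Directives whose argument is copied into a response header or an upstream request.
SINKS = ("return", "rewrite", "add_header", "proxy_pass", "proxy_set_header")
# nginx variables that hold the decoded, normalized URI and so may contain CR/LF.
DECODED_VARS = ["$uri", "$document_uri"]
# Simple (non-nested) location blocks: optional modifier, pattern, body.
BLOCK = re.compile(r"location\s+(?:(~\*?|=|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")

def weak_groups(pattern):
    """Capture variables ($1, $2, ...) whose group uses a negated class that still admits a line feed."""
    weak = []
    for idx, group in enumerate(re.findall(r"\((?!\?)([^()]*)\)", pattern), 1):
        classes = re.findall(r"\[\^([^\]]*)\]", group)
        # Heuristic (assumption): a negated class is weak unless it excludes \s or \n.
        if any(r"\s" not in c and r"\n" not in c for c in classes):
            weak.append(f"${idx}")
    return weak

def audit(conf):
    """Return (location pattern, directive, variables) for each risky directive."""
    findings = []
    for modifier, pattern, body in BLOCK.findall(conf):
        risky = weak_groups(pattern) if modifier.startswith("~") else []
        for line in (part.strip() for part in body.split(";")):
            words = line.split()
            if not words or words[0] not in SINKS:
                continue
            used = [v for v in risky + DECODED_VARS
                    if re.search(re.escape(v) + r"(?!\w)", line)]
            if used:
                findings.append((pattern, line, used))
    return findings

# Constructed sample configuration (hypothetical hosts).
SAMPLE = r"""
server {
    location ~ ^/media/([^/]+)$ {
        proxy_pass https://bucket.example.invalid/$1;
    }
    location ~ ^/images/([^/\s]+)$ {
        proxy_pass https://bucket.example.invalid/$1;
    }
    location /sitemap/ {
        return 302 https://example.invalid$uri;
    }
}
"""

if __name__ == "__main__":
    for pattern, line, used in audit(SAMPLE):
        print(f"location {pattern}: '{line}' uses {', '.join(used)}")
```

The /images/ block passes because its class excludes whitespace; the other two are reported so the capture can be tightened or $uri replaced with $request_uri.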

The researchers also analyzed other misconfigurations that would allow an attacker to control proxy servers or access Nginx internal controls. The expert says that many of these flaws were not detected by Gixy, the static analyzer for Nginx created by Russian firm Yandex, raising new questions about middleware security and the use of Nginx: “The versatility in the use of this solution and its great popularity among web administrators around the world lead us to conclude that such errors have always occurred and will continue to occur,” Rosen adds. “It’s very easy to fall for these mistakes and we find no indication that something has happened until it’s too late.”

Reports of this kind help system administrators adopt better security measures, preventing hacking incidents and reducing the chances of making configuration errors that can cause problems later on.