Nginx Vhost Traffic Status Information Disclosure

medium Web App Scanning Plugin ID 112922

Synopsis

Nginx Vhost Traffic Status Information Disclosure

Description

It is possible to obtain an overview of the remote Nginx web server's Vhost traffic activity and performance by requesting the URL '/status'. This overview includes information such as current hosts, the server version, requests being processed, the number of idle workers and service requests, and CPU utilization.

Solution

If required, update Nginx's configuration file(s) to either disable the VTS module or ensure that access is limited to valid users / hosts.
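The two remediation options above, shown as an added configuration example (not part of the plugin text or the VTS project's documentation). The server name, the 192.0.2.0/24 management subnet and the htpasswd path are constructed placeholders; the '/status' location is the one named in the description.

```nginx
http {
    # Shared memory zone used by the VTS module to collect per-vhost counters.
    # Option 1 (disable): remove this directive and every
    # vhost_traffic_status_display location, then reload Nginx.
    vhost_traffic_status_zone;

    server {
        listen 80;
        server_name www.example.com;   # constructed placeholder

        # Weak setting that this plugin reports: the status page is served
        # to any client that requests /status.
        #
        # location /status {
        #     vhost_traffic_status_display;
        #     vhost_traffic_status_display_format html;
        # }

        # Option 2 (restrict): limit the page to valid hosts and users.
        location /status {
            # Host restriction: loopback plus a management subnet
            # (192.0.2.0/24 is a documentation range, replace with your own).
            allow 127.0.0.1;
            allow 192.0.2.0/24;
            deny  all;

            # User restriction: HTTP basic authentication.
            # The file path is a hypothetical example.
            auth_basic           "VTS status";
            auth_basic_user_file /etc/nginx/.htpasswd-status;

            # Require BOTH an allowed address and valid credentials.
            # This is Nginx's default; "satisfy any" would accept either.
            satisfy all;

            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
    }
}
```

Validate the change with `nginx -t` before reloading. A request for '/status' from an address outside the allow list should then receive a 403 response instead of the traffic overview.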

See Also

https://github.com/vozlt/nginx-module-vts

Plugin Details

Severity: Medium

ID: 112922

Type: remote

Published: 7/30/2021

Updated: 11/26/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information