A security warning issued for nginx has received an update from the BSI. This article describes the vulnerability, including the latest updates, and lists the affected Linux and UNIX operating systems and products.
The Federal Office for Information Security (BSI) released an update on May 7th, 2024 to a security advisory for nginx that became known on August 14th, 2019. The vulnerability affects the operating systems Linux and UNIX as well as the products Debian Linux, Juniper JUNOS, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Open Source Arch Linux and NGINX.
The latest manufacturer recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: Ubuntu Security Notice USN-6754-2 (As of: May 7, 2024). Other useful resources are listed later in this article.
Security advisory for nginx – risk: medium
Risk level: 3 (medium)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security vulnerabilities based on various criteria in order to create a priority list for taking countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account conditions that can change over time. The risk of the vulnerability discussed here is classified as “medium” according to the CVSS with a base score of 7.5.
nginx Bug: Multiple vulnerabilities allow denial of service
nginx is modular web server software that supports functions such as reverse proxying and email proxying through various modules. nginx is distributed under the BSD license.
A remote, anonymous attacker can exploit multiple vulnerabilities in nginx to conduct a denial of service attack.
The vulnerabilities are tracked under the unique CVE (Common Vulnerabilities and Exposures) identifiers CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516.
Systems affected by the nginx security vulnerability at a glance
Operating systems
Linux, UNIX
Products
Debian Linux (cpe:/o:debian:debian_linux)
Juniper JUNOS (cpe:/o:juniper:junos)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Open Source Arch Linux (cpe:/o:archlinux:archlinux)
Open Source nginx
General measures for dealing with IT vulnerabilities
Users of the affected systems should keep them up to date. When security gaps become known, manufacturers are required to fix them as quickly as possible by developing a patch or a workaround. If new security updates become available, install them promptly. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question as well as the availability of security patches or information about workarounds. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check when the manufacturers affected by the IT security warning provide a new security update.
Manufacturer information on updates, patches and workarounds
Here you will find further links with information about bug reports, security fixes and workarounds.
Ubuntu Security Notice USN-6754-2 of 2024-05-07 (07.05.2024)
Juniper Security Advisory JSA11167 of 2021-04-16 (15.04.2021)
SUSE Security Update SUSE-SU-2021:0932-1 of 2021-03-24 (24.03.2021)
Oracle Linux Security Advisory ELSA-2020-5495 of 2020-12-18 (17.12.2020)
Red Hat Security Advisory RHSA-2020:3192 of 2020-07-28 (28.07.2020)
Red Hat Security Advisory RHSA-2020:2067 of 2020-05-18 (17.05.2020)
Debian Security Advisory DSA-4669 of 2020-04-30 (29.04.2020)
Red Hat Security Advisory RHSA-2020:1445 of 2020-04-14 (14.04.2020)
Red Hat Security Advisory RHSA-2020:0983 of 2020-03-26 (26.03.2020)
Red Hat Security Advisory RHSA-2020:0922 of 2020-03-23 (22.03.2020)
Red Hat Security Advisory RHSA-2019:4020 of 2019-11-28 (27.11.2019)
Red Hat Security Advisory RHSA-2019:4021 of 2019-11-26 (26.11.2019)
Red Hat Security Advisory RHSA-2019:4019 of 2019-11-26 (26.11.2019)
Red Hat Security Advisory RHSA-2019:4018 of 2019-11-26 (26.11.2019)
Red Hat Security Advisory RHSA-2019:3932 of 2019-11-20 (20.11.2019)
Red Hat Security Advisory RHSA-2019:3935 of 2019-11-20 (20.11.2019)
Red Hat Security Advisory RHSA-2019:3933 of 2019-11-20 (20.11.2019)
Red Hat Security Advisory RHSA-2019:3041 of 2019-10-14 (14.10.2019)
SUSE Security Update SUSE-SU-2019:2559-1 of 2019-10-04 (06.10.2019)
Red Hat Security Advisory RHSA-2019:2955 of 2019-10-02 (03.10.2019)
Red Hat Security Advisory RHSA-2019:2966 of 2019-10-03 (03.10.2019)
Red Hat Security Advisory RHSA-2019:2949 of 2019-10-01 (01.10.2019)
Red Hat Security Advisory RHSA-2019:2950 of 2019-10-01 (01.10.2019)
Red Hat Security Advisory RHSA-2019:2946 of 2019-10-01 (30.09.2019)
Red Hat Security Advisory RHSA-2019:2939 of 2019-10-01 (30.09.2019)
Red Hat Security Advisory RHSA-2019:2925 of 2019-09-30 (29.09.2019)
SUSE Security Update SUSE-SU-2019:2473-1 of 2019-09-26 (26.09.2019)
Oracle Linux Errata ELSA-2019-2799 of 2019-09-19 (19.09.2019)
Red Hat Security Advisory RHSA-2019:2799-01 of 2019-09-17 (18.09.2019)
Red Hat Security Advisory RHSA-2019:2775 of 2019-09-17 (17.09.2019)
Red Hat Security Advisory RHSA-2019:2745 of 2019-09-12 (12.09.2019)
Red Hat Security Advisory RHSA-2019:2746 of 2019-09-12 (12.09.2019)
Oracle Linux Security Advisory ELSA-2019-2692 of 2019-09-11 (10.09.2019)
Red Hat Security Advisory RHSA-2019:2692 of 2019-09-10 (09.09.2019)
SUSE Security Update SUSE-SU-2019:2309-1 of 2019-09-06 (05.09.2019)
Debian Security Advisory DSA-4511 of 2019-09-02 (02.09.2019)
Arch Linux Security Advisory ASA-201908-17 of 2019-08-27 (27.08.2019)
Debian Security Advisory DSA-4505 of 2019-08-23 (22.08.2019)
Arch Linux Security Advisory ASA-201908-13 of 2019-08-17 (18.08.2019)
Arch Linux Security Advisory ASA-201908-12 of 2019-08-17 (18.08.2019)
Ubuntu Security Notice USN-4099-1 of 2019-08-16 (15.08.2019)
NGINX Security Advisory of 2019-08-14 (14.08.2019)
This is the 35th version of this IT security advisory for nginx. This text will be updated as further updates are announced. You can read about changes or additions in this version history.
+++ Editorial note: This text was generated based on current BSI data and will be updated in a data-driven manner depending on the warning situation. We accept feedback and comments at [email protected]. +++
kns/roj/news.de
Version history of this security alert
August 14, 2019 – Initial version
August 15, 2019 – New updates of Ubuntu added
August 18, 2019 – New updates of Arch Linux and Fedora added
August 19, 2019 – Reference(s) added: FEDORA-2019-63BA15CC83, FEDORA-2019-8A437D5C2F, FEDORA-2019-4427FD65BE
August 22, 2019 – New updates from Debian added
August 27, 2019 – New updates of Arch Linux and Fedora added
September 2, 2019 – New updates from Debian added
September 5, 2019 – New updates from SUSE added
September 9, 2019 – New updates from Red Hat added
September 10, 2019 – New updates of Oracle Linux added
September 12, 2019 – New updates from Red Hat added
September 17, 2019 – New updates from Red Hat added
September 18, 2019 – New updates from Red Hat added
September 19, 2019 – New updates of Oracle Linux added
September 26, 2019 – New updates from SUSE added
September 29, 2019 – New updates from Red Hat added
September 30, 2019 – New updates from Red Hat added
September 30, 2019 – Version not available
October 1, 2019 – New updates from Red Hat added
October 3, 2019 – New updates from Red Hat added
October 6, 2019 – New updates from SUSE added
October 14, 2019 – New updates from Red Hat added
November 20, 2019 – New updates from Red Hat added
November 26, 2019 – New updates from Red Hat added
November 27, 2019 – New updates from Red Hat added
March 22, 2020 – New updates from Red Hat added
March 26, 2020 – New updates from Red Hat added
April 14, 2020 – New updates from Red Hat added
April 29, 2020 – New updates from Debian added
May 17, 2020 – New updates from Red Hat added
July 28, 2020 – New updates from Red Hat added
December 17, 2020 – New updates to Oracle Linux added
March 24, 2021 – New updates from SUSE added
April 15, 2021 – New updates from Juniper added
May 7, 2024 – New updates of Ubuntu added