Undisclosed Requests Can Cause NGINX Worker Processes to Terminate
CVE-2024-24990
7.5HIGH
Key Information
- Vendor
- F5
- Status
- Nginx Plus
- Nginx Open Source
- Vendor
- CVE Published:
- 14 February 2024
Badges
đź“° News Worthy
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Affected Version(s)
NGINX Plus < R31
NGINX Plus < R30
NGINX Open Source < 1.25.4
News Articles
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
First article discovered by securityonline.info
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database1 News Article(s)
Credit
F5