Vulnerability Background
A critical heap buffer overflow vulnerability in NGINX Plus and NGINX Open Source is now being actively exploited in the wild, just days after its public disclosure. The flaw resides in the ngx_http_rewrite_module and affects NGINX versions 0.6.27 through 1.30.0. Introduced in 2008, this vulnerability allows an unauthenticated attacker to crash worker processes or potentially execute remote code by sending crafted HTTP requests.
Exploitation and Impact
While the vulnerability carries a high severity score, successful remote code execution is not straightforward. It requires specific NGINX configurations to be present and Address Space Layout Randomization (ASLR) to be disabled on the targeted system. Security researchers note that turning the heap overflow into reliable code execution is challenging under default configurations and on systems with ASLR enabled. However, the denial-of-service capability through worker crashes is easily exploitable on its own. Threat actors have already been observed attempting to weaponize the flaw against honeypot networks, though their ultimate objectives remain unclear. Users are strongly advised to apply the latest fixes from F5 to protect their systems.
Separately, researchers have also detected exploitation activity targeting two critical vulnerabilities in openDCIM, an open source data center infrastructure management application.
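The conditions described above (affected version range, use of the rewrite module, ASLR state) can be checked per host to prioritize patching. The following Python is an added example, not code from F5, NGINX or the original article; the function names and the sample config are assumptions, and the inputs are the output of `nginx -v`, the contents of `/proc/sys/kernel/randomize_va_space` on Linux, and a config dump such as `nginx -T`.

```python
import re

# Affected NGINX range as stated in the article above.
FIRST_AFFECTED = (0, 6, 27)
LAST_AFFECTED = (1, 30, 0)

# Directives provided by ngx_http_rewrite_module (NGINX documentation).
# Listing them is an inventory aid; the article does not say which
# configurations are required for exploitation.
REWRITE_DIRECTIVES = {"rewrite", "if", "set", "return", "break"}

# Constructed sample config, for illustration only.
SAMPLE_CONFIG = """
server {
    listen 80;  # constructed sample
    set $backend 'app';
    location /old { rewrite ^/old/(.*)$ /new/$1 permanent; }
    location / { proxy_set_header Host $host; return 204; }
}
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output or a Server header."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def in_affected_range(version):
    return version is not None and FIRST_AFFECTED <= version <= LAST_AFFECTED

def aslr_enabled(randomize_va_space):
    """Linux sysctl value: 0 means ASLR is off, 1 or 2 means it is on."""
    return randomize_va_space.strip() != "0"

def rewrite_directives_used(config_text):
    """Return the rewrite-module directives that appear in a config dump."""
    text = "\n".join(line.split("#", 1)[0] for line in config_text.splitlines())
    found = set()
    for stmt in re.split(r"[;{}]", text):   # one directive per statement
        m = re.match(r"\s*([a-z_]+)", stmt)
        if m and m.group(1) in REWRITE_DIRECTIVES:
            found.add(m.group(1))
    return sorted(found)

def triage(banner, randomize_va_space, config_text):
    """Summarize the three conditions for one host."""
    return {"version_affected": in_affected_range(parse_version(banner)),
            "aslr_enabled": aslr_enabled(randomize_va_space),
            "rewrite_directives": rewrite_directives_used(config_text)}
```

A version string alone cannot confirm a fix on builds where the vendor or distribution backports patches without changing the version number, so treat `version_affected` as a prompt to check the vendor advisory.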
Source: The Hacker News

