Solved: NGINX Upgrade

RJohnson_MEM · ‎08-12-2021

I'm getting the following finding from Tenable:

"Synopsis
The remote web server is affected by an information disclosure vulnerability.

Description
According to its Server response header, the installed version of nginx is prior to 1.17.7. It is, therefore, affected by an information disclosure vulnerability."

I'm running SHD 2.5.1, nginx version 1.16.1

Is there a way to upgrade NGINX to a newer version?

anshumansingh · ‎09-20-2022

Hi @RJohnson_MEM

The new version of SHD 3.5.0 is available for download here Download VMware Skyline Health Diagnostics.

View solution in original post

ksram · ‎09-06-2021

HI @RJohnson_MEM Currently we don't support out of band upgrade of NGINX. We will evaluate the feasibility of updating this on our next major release (provided upstream OS (Photon) has the updates available).

-Thanks

Ram

ThinkDarb · ‎11-23-2021

Has an update for this been released yet?

JamesKing75 · ‎05-26-2022

First, run

sudo apt-get install software-properties-common python-software-properties

Then, add the nginx stable repo:

sudo add-apt-repository ppa:nginx/stable

then run

sudo apt-get update

and.

sudo apt-get install nginx

anshumansingh · ‎09-14-2022

Hi @RJohnson_MEM

SHD latest version 3.5.0 uses nginx-1.16.1-5.ph3.x86_64, which has fix for CVE-2021-23017 , this SHD build will be available by early next week

Request you to please update your SHD instance to its latest version to get the vulnerability resolved.

anshumansingh · ‎09-20-2022

Hi @RJohnson_MEM

The new version of SHD 3.5.0 is available for download here Download VMware Skyline Health Diagnostics.

All

NGINX Upgrade