I'm getting the following finding from Tenable:
"Synopsis
The remote web server is affected by an information disclosure vulnerability.
Description
According to its Server response header, the installed version of nginx is prior to 1.17.7. It is, therefore, affected by an information disclosure vulnerability."
I'm running SHD 2.5.1, nginx version 1.16.1.
Is there a way to upgrade NGINX to a newer version?
Hi @RJohnson_MEM, currently we don't support out-of-band upgrade of NGINX. We will evaluate the feasibility of updating this in our next major release (provided the upstream OS (Photon) has the updates available).
-Thanks
Ram
Has an update for this been released yet?
First, run
sudo apt-get install software-properties-common python-software-properties
Then, add the nginx stable repo:
sudo add-apt-repository ppa:nginx/stable
Then run
sudo apt-get update
and
sudo apt-get install nginx
SHD latest version 3.5.0 uses nginx-1.16.1-5.ph3.x86_64, which has the fix for CVE-2021-23017. This SHD build will be available by early next week.
Request you to please update your SHD instance to its latest version to get the vulnerability resolved.
The new version of SHD 3.5.0 is available for download here Download VMware Skyline Health Diagnostics.
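Added example, not part of the thread and not VMware or Tenable code: the finding above is derived from the Server response header alone, so it keeps firing on a 1.16.1 banner whatever the package release is. This sketch triages such a finding by comparing the installed package build with the build the vendor reply names as fixed; the function names, verdict strings and the older `-2.ph3` build are constructed for illustration, and the version comparison is a simplification of RPM's rules.

```python
import re

# Values taken from the thread above.
SCANNER_THRESHOLD = (1, 17, 7)                  # finding fires when the banner is below this
VENDOR_FIXED_NVR = "nginx-1.16.1-5.ph3.x86_64"  # build the vendor reply names as fixed


def banner_version(server_header):
    """Return the upstream version tuple from a header like 'nginx/1.16.1', else None."""
    m = re.fullmatch(r"nginx/(\d+(?:\.\d+)*)", server_header.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def parse_nvr(nvr):
    """Split name-version-release.dist.arch into (name, version tuple, release int).

    Assumption: dotted numeric version and a leading integer release. This is
    not a full implementation of RPM version ordering.
    """
    m = re.fullmatch(r"(.+)-(\d+(?:\.\d+)*)-(\d+)(?:\.[\w.]+)?", nvr.strip())
    if not m:
        raise ValueError(f"unrecognised package string: {nvr!r}")
    return m.group(1), tuple(int(p) for p in m.group(2).split(".")), int(m.group(3))


def triage(server_header, installed_nvr, fixed_nvr=VENDOR_FIXED_NVR):
    """Classify a banner-based finding against the installed package build."""
    banner = banner_version(server_header)
    if banner is None:
        return "no-nginx-banner"
    if banner >= SCANNER_THRESHOLD:
        return "not-flagged"
    name, ver, rel = parse_nvr(installed_nvr)
    f_name, f_ver, f_rel = parse_nvr(fixed_nvr)
    if name != f_name:
        raise ValueError("package name mismatch")
    # The banner only exposes the upstream version; the release field is where
    # a distribution records its patched rebuilds of that same version.
    if (ver, rel) >= (f_ver, f_rel):
        return "flagged-by-banner-but-at-vendor-fixed-build"
    return "flagged-and-older-than-vendor-fixed-build"


if __name__ == "__main__":
    # The second package string is a constructed older build, not from the thread.
    for pkg in ("nginx-1.16.1-5.ph3.x86_64", "nginx-1.16.1-2.ph3.x86_64"):
        print(pkg, "->", triage("nginx/1.16.1", pkg))
```

On the appliance, the installed package string would come from the package manager's query output rather than being typed in by hand.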