A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
Present
Нужны дополнительные условия
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
None
Нет утечки данных
Integrity
High
Полная модификация данных
Availability
None
Нет нарушения работы
CVSS Vector v4.0