Dossier
ngx_http_rewrite_module
Coverage of ngx_http_rewrite_module in the Nexus archive.
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers discovered multiple security vulnerabilities in NGINX Plus and NGINX Open, including a critical 18-year-old flaw that allows unauthenticated remote code execution. The vulnerability is a heap buffer overflow issue impacting ngx_http_rewrite_module with a CVSS v4 score of 9.2. This flaw could enable attackers to achieve remote code execution or cause crashes.