CRE-2025-0055

Nginx upstream buffer size too small
Medium
Impact: 8/10
Mitigation: 3/10

Description

Nginx reports that an upstream server is sending headers that exceed the configured buffer size limits. This typically happens when the upstream application sends responses with large headers, cookies, or other header fields that don't fit in the default buffer allocation. When this occurs, Nginx cannot properly proxy the response to clients, resulting in HTTP errors.

Mitigation

- Increase the proxy_buffer_size and proxy_buffers settings in the nginx configuration:

      proxy_buffer_size 16k;
      proxy_buffers 4 16k;

- For very large headers, you may need to adjust to even higher values
- Add the configuration in the http, server, or location context, depending on where it's needed
- After changing configuration values, test and reload nginx:

      nginx -t && nginx -s reload

- Long term: Review upstream applications to determine if header/cookie size can be reduced
- Consider using server-side session storage instead of large cookies
- If using JWT tokens in headers, evaluate if they can be made smaller
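To see which server and upstream pairs hit this condition and which header field is responsible, the following added example (not part of the CRE rule or of nginx) counts the nginx error-log message for this failure and measures the head of a captured upstream response. The log lines, the response, the function names, and the page-rounding heuristic in `suggested_buffer_kb` are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Message nginx logs when the upstream response head does not fit proxy_buffer_size
MSG = "upstream sent too big header while reading response header from upstream"
FIELD = re.compile(r'(server|upstream): "?([^",]+)"?')

def count_overflows(log_lines):
    """Count overflow errors per (server name, upstream host:port)."""
    hits = Counter()
    for line in log_lines:
        if MSG in line:
            f = dict(FIELD.findall(line))
            upstream = urlsplit(f.get("upstream", "")).netloc or "?"
            hits[(f.get("server", "?"), upstream)] += 1
    return hits

def head_sizes(raw_response):
    """Return (bytes in status line + headers, [(field, bytes)] largest first)."""
    head = raw_response.split(b"\r\n\r\n", 1)[0] + b"\r\n\r\n"
    fields = [(l.split(b":", 1)[0].decode().lower(), len(l) + 2)
              for l in head.split(b"\r\n")[1:] if l]  # [1:] skips the status line
    return len(head), sorted(fields, key=lambda kv: -kv[1])

def suggested_buffer_kb(head_bytes, page_kb=4):
    """Heuristic (assumption): round the head size up to a multiple of one page."""
    return -(-head_bytes // (page_kb * 1024)) * page_kb

# Constructed sample data, not taken from a real system
_TAIL = (', client: 203.0.113.7, server: app.example.com, request: "GET /login '
         'HTTP/1.1", upstream: "http://10.0.0.5:8080/login", host: "app.example.com"')
SAMPLE_LOG = [
    "2025/03/14 10:22:31 [error] 71#71: *5678 " + MSG + _TAIL,
    "2025/03/14 10:22:40 [error] 71#71: *5690 " + MSG + _TAIL,
    "2025/03/14 10:23:02 [error] 71#71: *5701 connect() failed (111: Connection "
    "refused) while connecting to upstream" + _TAIL,
]
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Set-Cookie: session=" + b"A" * 6000 + b"\r\n\r\n<html>")

if __name__ == "__main__":
    for (server, upstream), n in count_overflows(SAMPLE_LOG).items():
        print(f"{server} -> {upstream}: {n} overflow(s)")
    total, fields = head_sizes(SAMPLE_RESPONSE)
    print(f"head = {total} bytes, largest field = {fields[0]}")
    print(f"proxy_buffer_size of at least {suggested_buffer_kb(total)}k")
```

The per-field breakdown points at the cookie or token to shrink for the long-term fix, while the rounded size gives a starting value for proxy_buffer_size.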