Technology: nginx

ID	Title	Description	Category	Technology	Tags
CRE-2024-0043 Medium Impact: 6/10 Mitigation: 5/10	NGINX Upstream DNS Failure	When a NGINX upstream becomes unreachable or its DNS entry disappears, NGINX requests begin to fail.	Proxy Problems	nginx	Kafka Known Problem Public
CRE-2025-0044 High Impact: 9/10 Mitigation: 1/10	NGINX Config Uses Insecure TLS Ciphers	Detects NGINX configuration files that advertise obsolete and cryptographically weak ciphers (RC4-MD5, RC4-SHA, DES-CBC3-SHA). These ciphers are vulnerable to several well-known attacks—including BEAST, BAR-Mitzvah, Lucky-13, and statistical biases in RC4—placing any client–server communication at risk of interception or tampering.	Insecure Configuration	nginx	Nginx Weak Ciphers Security Configuration TLS Known Issue Public
CRE-2025-0051 High Impact: 9/10 Mitigation: 5/10	NGINX No Live Upstreams Available	NGINX is reporting that all backend servers in an upstream group are unavailable. This means that NGINX cannot route requests to any of its configured backend servers, resulting in client-facing errors.	Load Balancer Problems	nginx	Nginx Load Balancer Upstream Failure Connectivity
CRE-2025-0053 Medium Impact: 5/10 Mitigation: 3/10	NGINX Client Upload Size Limit Exceeded	NGINX server is receiving upload requests with bodies that exceed the configured size limits. This occurs when clients attempt to send files or data that are larger than what the server is configured to accept.	Web Server Problem	nginx	Nginx Upload Limits Configuration
CRE-2025-0054 Medium Impact: 7/10 Mitigation: 5/10	NGINX upstream connection timeout	NGINX reports an upstream timeout error when it cannot establish or maintain a connection to backend services within the configured timeout threshold. This occurs when backend services are unresponsive, overloaded, or when the timeout values are set too low for normal operation conditions. The error indicates that NGINX attempted to proxy a request to an upstream server, but the connection or read operation timed out before completion.	Proxy Timeout Problems	nginx	Nginx Timeout Proxy Backend Issue Networking
CRE-2025-0055 Medium Impact: 8/10 Mitigation: 3/10	Nginx upstream buffer size too small	Nginx reports that an upstream server is sending headers that exceed the configured buffer size limits. This typically happens when the upstream application sends responses with large headers, cookies, or other header fields that don't fit in the default buffer allocation. When this occurs, Nginx cannot properly proxy the response to clients, resulting in HTTP errors.	Web Server Problems	nginx	Nginx Configuration Proxy Header Size Buffer
CRE-2025-0056 Medium Impact: 8/10 Mitigation: 3/10	NGINX worker connections limit exceeded	NGINX has reported that the configured worker_connections limit has been reached. This indicates that the web server has exhausted the available connection slots for handling concurrent client requests. When this limit is reached, new connection attempts may be rejected until existing connections are closed, causing service degradation or outages.	Web Server Problems	nginx	Nginx Capacity Issue Web Server Configuration Public
CRE-2025-0075 Critical Impact: 10/10 Mitigation: 6/10	Nginx Upstream Failure Cascade Crisis	Detects critical Nginx upstream failure cascades that lead to complete service unavailability. This advanced rule identifies comprehensive upstream failure patterns including DNS resolution failures, connection timeouts, SSL/TLS handshake errors, protocol violations, and server unavailability, followed by HTTP 5xx error responses within a 60-second window. The rule uses optimized regex patterns for maximum detection coverage while maintaining high performance and low false-positive rates. It captures both the root cause (upstream failures) and the user-facing impact (HTTP errors) to provide complete incident context.	load-balancer-problem	nginx	Nginx Reverse Proxy Service Outage High Availability Load Balancer Cascading Failure