Upgrading NGINX for Elasticsearch server vulnerability

We have nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE vulnerability for Elasticsearch server (v. 2.4.6) as mentioned in nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE | TenableĀ® we need to upgrade to 1.20.1 or later.

how would the process for this be? is it possible to only upgrade nginx or is their a need for elasticserach to be upgraded on compatible version as well?

Welcome to our community! :smiley:

You can see mitigation options here - Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.