From $URL:

nginx offers the ability for its http proxy module to talk to an origin server over https. However, it does not verify the identity of the origin server in this case, which leaves it subject to MITM attacks between the proxy and the origin server.

Sadly, this appears to be unfixed for over a year after it was first reported: http://trac.nginx.org/nginx/ticket/13

Some patch review starts over here, but doesn't seem to reach any resolution: http://mailman.nginx.org/pipermail/nginx-devel/2011-September/001182.html

As far as I can tell, there is no CVE assigned for this yet.
This appears to be fixed in 1.7.0. From http://nginx.org/en/CHANGES:

    *) Feature: backend SSL certificate verification.
    *) Feature: support for SNI while working with SSL backends.

See also:
http://trac.nginx.org/nginx/ticket/13
http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
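An added example, not part of the bug report or of nginx itself: a small audit that flags blocks which `proxy_pass` to an `https://` origin while `proxy_ssl_verify` is not effectively `on`, since the directive defaults to off even in versions that have the feature. The sample config, host name and CA path are constructed assumptions, and the tokenizer is simplified (no quoted strings, no braces inside regex locations, no `include` handling).

```python
import re

# Constructed sample config (not from the bug report): /legacy/ proxies to an
# HTTPS origin unverified; /app/ uses the directives introduced in 1.7.0.
SAMPLE = """
http {
    server {
        location /legacy/ {
            proxy_pass https://origin.example.internal;
        }
        location /app/ {
            proxy_pass https://origin.example.internal;
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /etc/nginx/origin-ca.pem;  # assumed path
            proxy_ssl_server_name on;
        }
    }
}
"""

def unverified_https_proxies(conf):
    """Names of blocks that proxy_pass to https:// while the effective
    proxy_ssl_verify (own value, else nearest enclosing block's) is not 'on'."""
    conf = re.sub(r"#[^\n]*", "", conf)                  # strip comments
    top = {"name": "main", "verify": None, "https": False, "parent": None}
    cur, words, candidates = top, [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == ";":                                   # end of a simple directive
            if len(words) > 1 and words[0] == "proxy_ssl_verify":
                cur["verify"] = words[1]
            elif len(words) > 1 and words[0] == "proxy_pass":
                cur["https"] |= words[1].lower().startswith("https://")
            words = []
        elif tok == "{":                                 # open a nested block
            cur = {"name": " ".join(words), "verify": None, "https": False, "parent": cur}
            words = []
        elif tok == "}":                                 # close it, judge it later
            if cur["https"]:
                candidates.append(cur)
            cur = cur["parent"] or top
        else:
            words.append(tok)
    findings = []
    for block in candidates:
        scope = block
        while scope is not None and scope["verify"] is None:
            scope = scope["parent"]                      # inherit from outer level
        if scope is None or scope["verify"] != "on":     # nginx default is off
            findings.append(block["name"])
    return findings
```

Calling `unverified_https_proxies(SAMPLE)` reports only `location /legacy/`. Evaluation is deferred until the whole file is parsed so that a `proxy_ssl_verify on;` placed after a nested block in its parent is still inherited.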
nginx 1.7.4 is now the only ebuild in the tree. @Security, please vote on GLSA
GLSA Vote: No