This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 30%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Hi,
We are getting a failed PCI scan reporting multiple issues with NGINX. There is literally nothing on the internet about how to fix this. PCI Compliance Manager wants us to upgrade the version of NGINX that Azure is using but I'm not sure we can even do that. See error message below. What do I do to make this scan pass? The web app that it's scanning is just a simple website or Azure App Service (xyz.azurewebsites.net).
Vulnerable nginx version detected on port 80 -
Server: nginx/1.16.1
CVE-2019-20372
CVE-2021-23017
Customers are advised to install nginx 1.21.0 or later versions to remediate this vulnerability.
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
Hi @Jason Dean , can you elaborate further on how you deploy your app code? Are you using a container image? Do you have any 3rd party library configured?
Hi @Ryan Hill ! Thanks for your response. I use an Azure DevOps pipeline to deploy the code. See screenshot. Deploy tasks are on version 4.*.
Thanks for the details @Jason Dean . How is your app service configured? I assuming your solution is .NET Core? I've heard of these errors on a Virtual Machine but not an App Service. I'd like to see if I can reproduce your issue.
@Ryan Hill .NET 4.8. AFAIK, I'm locked into that framework until I spend the time to convert the app to .NET Core. This will be a significant effort because the application is somewhat old and mature. I have been upgrading it over time but an entire .NET Core rewrite is not an option right now.
I just noticed that the Visual Studio Version in the build step is on VS 2017. Could that be an issue?
Tough to say @Jason Dean . It shouldn't be an issue but you can try changing it to Visual Studio 2019 and see if that makes any difference.
Definitely didn't work. I have upgraded pretty much everything I can think of and no dice. Any other ideas? Should I do a manual push from Visual Studio? Create a new Azure App?
Doing a manual push from Visual Studio isn't a bad idea but do it to a new app service. Let's see if that works.
Just to close the loop on this issue... I ended up having to create a new App Service and port the app over to that. I re-ran the PCI scan and everything is good.