- This results is a False Positive and Cb Response is not vulnerable to these two CVEs.
- For Cb Response to be vulnerable would need to have a line like this in the NGINX config:
```listen 443 ssl http2 default_server;```
- You can validate the configuration by running the following:
```# grep -ir listen /etc/|grep nginx
/etc/cb/nginx/conf.d/cb.conf: # IMPORTANT: If listener configuration is updated here, make sure to
/etc/cb/nginx/conf.d/cb.conf: listen [::]:443 ssl ipv6only=off;
/etc/cb/nginx/conf.d/http.conf: # IMPORTANT: If listener configuration is updated here, make sure to
/etc/cb/nginx/conf.d/http.conf: listen [::]:80 ipv6only=off;
/etc/cb/nginx/conf.d/cb.multihome.conf.example:# 3. Update interface IP addresses in "listen..." statements below to match
/etc/cb/nginx/conf.d/cb.multihome.conf.example: listen [::]:443 ssl ipv6only=off;
/etc/cb/nginx/conf.d/cb.multihome.conf.example: listen [::]:443 ssl ipv6only=off;```