A webserver like Apache and NGINX are way more complex than they look. It's sometimes possible to exploit bugs with benign/simple requests, even if you don't run advanced stacks on them. See [0] for example.
If you're not running strict firewall rules to limit your SSH access and if you expose other services outside, they also need constant patching against newer attacks.
Lastly, security standards evolve. Your SSH and SSL layers need to be kept up to date to patch holes and add newer algorithms while deprecating others, further reducing the attack surface [1].
If you're not running strict firewall rules to limit your SSH access and if you expose other services outside, they also need constant patching against newer attacks.
Lastly, security standards evolve. Your SSH and SSL layers need to be kept up to date to patch holes and add newer algorithms while deprecating others, further reducing the attack surface [1].
[0]: https://www.exploit-db.com/exploits/50383
[1]: https://lists.mindrot.org/pipermail/openssh-unix-announce/20...