Описание
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| nginx | fixed | 1.9.1-1 | package | |
| nginx | no-dsa | jessie | package | |
| nginx | no-dsa | squeeze | package | |
| nginx | no-dsa | wheezy | package |
Примечания
http://trac.nginx.org/nginx/ticket/13
Upstream commit: http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
Связанные уязвимости
CVSS3: 4.8
ubuntu
около 6 лет назад
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
CVSS3: 4.8
nvd
около 6 лет назад
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
CVSS3: 4.8
github
почти 4 года назад
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)