Описание
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.4.1-1ubuntu2 |
| lucid | not-affected | 0.7.65-1ubuntu2.3 |
| precise | released | 1.1.19-1ubuntu0.2 |
| quantal | released | 1.2.1-2.2ubuntu0.1 |
| raring | released | 1.2.6-1ubuntu3.2 |
| upstream | released | 1.4.1-1 |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
EPSS
5.8 Medium
CVSS2