1. Home
  2. Vulnerabilities
  3. CVE-2012-1180

CVE-2012-1180

CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.21 % (60th)
0.21% Progress
Affected Products 3
Advisories 8
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2012-04-17 21:55:01
(12 years ago)
Updated Date
2021-11-10 15:57:01
(2 years ago)

Affected Products

Debian

F5

Fedoraproject

Configuration #1

    CPE23 From Up To
  F5 Nginx from 0.1.0 version and prior 1.0.14 version cpe:2.3:a:f5:nginx >= 0.1.0 < 1.0.14
  F5 Nginx from 1.1.0 version and prior 1.1.17 version cpe:2.3:a:f5:nginx >= 1.1.0 < 1.1.17

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 15 cpe:2.3:o:fedoraproject:fedora:15
  Fedoraproject Fedora 16 cpe:2.3:o:fedoraproject:fedora:16
  Fedoraproject Fedora 17 cpe:2.3:o:fedoraproject:fedora:17

Configuration #3

    CPE23 From Up To
  Debian Linux 6.0 cpe:2.3:o:debian:debian_linux:6.0