CVE-2013-2070

CVSS v2.0 5.8 (Medium)

EPSS 1.43 % (87^th)

Affected Products 2

Advisories 6

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

Weaknesses

CWE-NVD-noinfo

Related CVEs

CVE-2013-2028

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-07-20 03:37:25
(11 years ago)
Updated Date: 2021-11-10 15:59:33
(2 years ago)

Affected Products

Debian

Debian Linux

F5

Nginx

Configuration #1

		CPE23	From	Up To
	F5 Nginx from 1.1.4 version and 1.2.8 and prior versions	cpe:2.3:a:f5:nginx	>= 1.1.4	<= 1.2.8
	F5 Nginx from 1.3.9 version and 1.4.0 and prior versions	cpe:2.3:a:f5:nginx	>= 1.3.9	<= 1.4.0

Configuration #2

		CPE23	From	Up To
	Debian Linux 6.0	cpe:2.3:o:debian:debian_linux:6.0
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0