[NGINX:CVE-2012-1180] Memory disclosure with specially crafted backend responses
Severity
Major
Affected Packages
1
Unaffected Packages
2
CVEs
1
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| Package | Affected Version |
|---|---|
 pkg:nginx/nginx
|
>= 0.1.0, <= 1.1.16 |
| Package | Unaffected Version |
|---|---|
|
pkg:nginx/nginx
|
>= 1.1.17 |
|
pkg:nginx/nginx
|
>= 1.0.14 |
- ID
- NGINX:CVE-2012-1180
- Severity
- major
- Published
-
2012-04-17T21:55:01
(12 years ago) - Modified
-
2012-04-17T21:55:01
(12 years ago) - Rights
- NGINX Security Team
- Other Advisories
ALAS-2012-63
FEDORA-2012-3846
GLSA-201203-22| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |