[NGINX:CVE-2012-1180] Memory disclosure with specially crafted backend responses
Severity
Major
Affected Packages
1
Unaffected Packages
2
CVEs
1
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 0.1.0, <= 1.1.16 |
Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.1.17 |
pkg:nginx/nginx | >= 1.0.14 |
- ID
- NGINX:CVE-2012-1180
- Severity
- major
- Published
-
2012-04-17T21:55:01
(12 years ago) - Modified
-
2012-04-17T21:55:01
(12 years ago) - Rights
- NGINX Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |