CVE-2012-1180

Published: 17/04/2012 Updated: 10/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Use-after-free vulnerability in nginx prior to 1.0.14 and 1.1.x prior to 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Vulnerable Product

f5 nginx

fedoraproject fedora 15

fedoraproject fedora 16

fedoraproject fedora 17

debian debian linux 6.0

Vendor Advisories

Debian Bug report logs - #664137 [CVE-2012-1180] nginx fix for malformed HTTP responses from upstream servers. Package: nginx; Maintainer for nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>; Source for nginx is src:nginx (PTS, buildd, popcon). Reported by: Luciano Bello <luciano@debian.org> ...
Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information. For the stable distribution (squeeze), this problem has been fixed ...
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request ...