CVE - CVE-2012-1180

CVE-ID
CVE-2012-1180	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20120315 nginx fix for malformed HTTP responses from upstream servers URL:http://seclists.org/bugtraq/2012/Mar/65 MLIST:[oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers URL:http://www.openwall.com/lists/oss-security/2012/03/15/5 MLIST:[oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers URL:http://www.openwall.com/lists/oss-security/2012/03/15/9 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=803856 CONFIRM:http://nginx.org/download/patch.2012.memory.txt CONFIRM:http://nginx.org/en/security_advisories.html CONFIRM:http://trac.nginx.org/nginx/changeset/4530/nginx CONFIRM:http://trac.nginx.org/nginx/changeset/4531/nginx FEDORA:FEDORA-2012-3846 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html FEDORA:FEDORA-2012-3991 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html FEDORA:FEDORA-2012-4006 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html GENTOO:GLSA-201203-22 URL:http://security.gentoo.org/glsa/glsa-201203-22.xml BID:52578 URL:http://www.securityfocus.com/bid/52578 OSVDB:80124 URL:http://osvdb.org/80124 SECTRACK:1026827 URL:http://www.securitytracker.com/id?1026827 SECUNIA:48577 URL:http://secunia.com/advisories/48577 SECUNIA:48465 URL:http://secunia.com/advisories/48465 XF:nginx-ngxcpystrn-info-disclosure(74191) URL:http://xforce.iss.net/xforce/xfdb/74191
Date Entry Created
20120214	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2012-1180