CVE-2011-4968
published 2019-11-19CVE-2011-4968: nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
medium4.8CVSS 3.1
AVNACHPRNUINSUCLILAN
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | nginx | < nginx 1.9.1-1 (bookworm) | nginx 1.9.1-1 (bookworm) |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | — | — |
| f5 | nginx | >= 0 < 1.9.1-1 | 1.9.1-1 |
| f5 | nginx | >= 0 < 1.9.1-1 | 1.9.1-1 |
| f5 | nginx | >= 0 < 1.9.1-1 | 1.9.1-1 |
| f5 | nginx | >= 0 < 1.9.1-1 | 1.9.1-1 |
| nginx | nginx | — | — |
CVSS provenance
nvdv3.14.8MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
osv4.8MEDIUM