CVE-2012-1180
published 2012-04-17CVE-2012-1180: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via…
medium5CVSS 3.1
AVNACLAuNCPINAN
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | nginx | < nginx 1.1.17-1 (bookworm) | nginx 1.1.17-1 (bookworm) |
| f5 | nginx | >= 0 < 1.1.17-1 | 1.1.17-1 |
| f5 | nginx | >= 0 < 1.1.17-1 | 1.1.17-1 |
| f5 | nginx | >= 0 < 1.1.17-1 | 1.1.17-1 |
| f5 | nginx | >= 0 < 1.1.17-1 | 1.1.17-1 |
| f5 | nginx | >= 0.1.0 < 1.0.14 | 1.0.14 |
| f5 | nginx | >= 1.1.0 < 1.1.17 | 1.1.17 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM