CVE-2013-2070
published 2013-07-20CVE-2013-2070: http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote…
medium5.8CVSS 3.1
AVNACMAuNCPINAP
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | nginx | < nginx 1.4.1-1 (bookworm) | nginx 1.4.1-1 (bookworm) |
| f5 | nginx | >= 0 < 1.4.1-1 | 1.4.1-1 |
| f5 | nginx | >= 0 < 1.4.1-1 | 1.4.1-1 |
| f5 | nginx | >= 0 < 1.4.1-1 | 1.4.1-1 |
| f5 | nginx | >= 0 < 1.4.1-1 | 1.4.1-1 |
| f5 | nginx | 1.1.4 – 1.2.8 | — |
| f5 | nginx | 1.3.9 – 1.4.0 | — |
CVSS provenance
nvd5.8MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:P
osv7.5HIGH