CVE-2013-2070 — F5 Nginx vulnerability

8 documents7 sources

Severity

5.8MEDIUMNVD

CNA7.5OSV7.5

EPSS

4.6%

top 10.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Nginx Debian Linux

Timeline

PublishedJul 20

Latest updateMay 13

Description

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debianf5/nginx< 1.4.1-1+3

▶NVDf5/nginx1.1.4 — 1.2.8+1

Also affects: Debian Linux 6.0, 7.0

Patches

Patch: mailman.nginx.org ↗Patch: nginx.org ↗Patch: seclists.org ↗

🔴Vulnerability Details

GHSA

GHSA-wwq6-8qmj-449j: http/modules/ngx_http_proxy_module↗2022-05-13

▶

OSV

CVE-2013-2070: http/modules/ngx_http_proxy_module↗2013-07-20

▶

CVEList

CVE-2013-2070: http/modules/ngx_http_proxy_module↗2013-07-18

▶

💥Exploits & PoCs

Exploit-DB

DELL Quest One Password Manager - CAPTCHA Security Bypass↗2011-10-21

▶

📋Vendor Advisories

Debian

CVE-2013-2070: nginx - http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 thro...↗2013

▶

💬Community

Bugzilla

CVE-2013-2070 nginx: denial of service or memory disclosure when using proxy_pass↗2013-05-13

▶

Bugzilla

CVE-2013-2070 nginx: denial of service or memory disclosure when using proxy_pass [fedora-18]↗2013-05-13

▶