nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
SecurityTracker Alert ID: 1026827 |
SecurityTracker URL: http://securitytracker.com/id/1026827
|
CVE Reference:
CVE-2012-1180
|
Date: Mar 20 2012
|
Impact:
Disclosure of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to versions 1.0.14, 1.1.17
|
Description:
A vulnerability was reported in nginx. A remote user can obtain portions of system memory.
A remote server can return a specially crafted HTTP response to cause the target system to reply with data from previously freed memory locations.
Matthew Daley reported this vulnerability.
|
Impact:
A remote user can obtain portions of system memory.
|
Solution:
The vendor has issued a fix (1.0.14, 1.1.17).
The vendor's advisory is available at:
http://nginx.org/en/security_advisories.html
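
A version check against the fixed releases listed above (1.0.14 and 1.1.17), as an added example that is not SecurityTracker's or the vendor's code. The function names are hypothetical, and the branch handling is an assumption: 1.0.x is compared with 1.0.14, 1.1.x with 1.1.17, anything older than 1.0 is treated as prior to the fix, and 1.2 or later as fixed.

```shell
#!/bin/sh
# Classify an nginx version banner against the fixed releases in this alert.
# Usage (nginx -v writes its banner to stderr):
#   nginx_cve_2012_1180_status "$(nginx -v 2>&1)"

# Pull "X.Y.Z" out of a banner such as "nginx version: nginx/1.0.13" or
# "Server: nginx/1.1.16", or accept a bare "X.Y.Z". Prints nothing on no match.
nginx_extract_version() {
    printf '%s\n' "$1" |
        sed -n -e 's|.*nginx/\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*|\1|p' \
               -e 's|^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\)$|\1|p' |
        head -n 1
}

# Prints "affected", "fixed" or "unknown".
nginx_cve_2012_1180_status() {
    ver=$(nginx_extract_version "$1")
    if [ -z "$ver" ]; then
        echo unknown            # no parsable nginx version in the input
        return 0
    fi

    # Split X.Y.Z into numeric fields.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1; minor=$2; patch=$3

    if [ "$major" -gt 1 ]; then
        echo fixed
    elif [ "$major" -lt 1 ]; then
        echo affected           # assumption: pre-1.0 is "prior to 1.0.14"
    elif [ "$minor" -eq 0 ]; then
        if [ "$patch" -lt 14 ]; then echo affected; else echo fixed; fi
    elif [ "$minor" -eq 1 ]; then
        if [ "$patch" -lt 17 ]; then echo affected; else echo fixed; fi
    else
        echo fixed              # assumption: 1.2 and later include the fix
    fi
}
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an "affected" result against the package changelog before acting on it.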
|
Vendor URL: nginx.org/
|
Cause:
Access control error
|
Underlying OS: Linux (Any)
|