CVE-2012-1180

2012-04-1721:55:01

CWE-416

redhat

web.nvd.nist.gov

nginx

vulnerability

use-after-free

remote server

http

sensitive information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.002

Percentile

59.5%

JSON

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Affected configurations

Nvd

Node

f5nginxRange0.1.0–1.0.14

f5nginxRange1.1.0–1.1.17

Node

fedoraprojectfedoraMatch15

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

Node

debiandebian_linuxMatch6.0

VendorProductVersionCPE
f5nginx*cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
fedoraprojectfedora15cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
fedoraprojectfedora17cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	nginx	*	cpe:2.3:a:f5:nginx::::::::
fedoraproject	fedora	15	cpe:2.3:o:fedoraproject:fedora:15:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
fedoraproject	fedora	17	cpe:2.3:o:fedoraproject:fedora:17:::::::*
debian	debian_linux	6.0	cpe:2.3:o:debian:debian_linux:6.0:::::::*