CVE-2013-2070

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

History

10 Nov 2021, 15:59

Type Values Removed Values Added
CPE cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:* cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

Information

Published : 2013-07-20 03:37

Updated : 2023-12-10 11:16


NVD link : CVE-2013-2070

Mitre link : CVE-2013-2070

CVE.ORG link : CVE-2013-2070


JSON object : View

Products Affected

f5

  • nginx

debian

  • debian_linux