FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-2070

This CVE name corresponds to:

Entered     Topic
2013-05-07  nginx -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2013-2070
Phase  Assigned (20130219)

Description

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

References

Source   Reference
MLIST    [nginx-announce] 20130513 nginx security advisory (CVE-2013-2070)
MLIST    [oss-security] 20130507 Re: nginx security advisory (CVE-2013-2028)
MLIST    [oss-security] 20130513 nginx security advisory (CVE-2013-2070)
MISC     http://nginx.org/download/patch.2013.proxy.txt
MISC     https://bugzilla.redhat.com/show_bug.cgi?id=962525
DEBIAN   DSA-2721
FEDORA   FEDORA-2013-8182
GENTOO   GLSA-201310-04
BID      59824
SECUNIA  55181
XF       nginx-cve20132070-dos(84172)