Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1180

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1180
Last Modified 10 Jul 2012 12:28:25
Published 17 Apr 2012 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1180

Summary

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Vulnerable Systems

Application

  • Igor Sysoev Nginx 0.1.0

  • Igor Sysoev Nginx 0.1.1

  • Igor Sysoev Nginx 0.1.10

  • Igor Sysoev Nginx 0.1.11

  • Igor Sysoev Nginx 0.1.12

  • Igor Sysoev Nginx 0.1.13

  • Igor Sysoev Nginx 0.1.14

  • Igor Sysoev Nginx 0.1.15

  • Igor Sysoev Nginx 0.1.16

  • Igor Sysoev Nginx 0.1.17

  • Igor Sysoev Nginx 0.1.18

  • Igor Sysoev Nginx 0.1.19

  • Igor Sysoev Nginx 0.1.2

  • Igor Sysoev Nginx 0.1.20

  • Igor Sysoev Nginx 0.1.21

  • Igor Sysoev Nginx 0.1.22

  • Igor Sysoev Nginx 0.1.23

  • Igor Sysoev Nginx 0.1.24

  • Igor Sysoev Nginx 0.1.25

  • Igor Sysoev Nginx 0.1.26

  • Igor Sysoev Nginx 0.1.27

  • Igor Sysoev Nginx 0.1.28

  • Igor Sysoev Nginx 0.1.29

  • Igor Sysoev Nginx 0.1.3

  • Igor Sysoev Nginx 0.1.30

  • Igor Sysoev Nginx 0.1.31

  • Igor Sysoev Nginx 0.1.32

  • Igor Sysoev Nginx 0.1.33

  • Igor Sysoev Nginx 0.1.34

  • Igor Sysoev Nginx 0.1.35

  • Igor Sysoev Nginx 0.1.36

  • Igor Sysoev Nginx 0.1.37

  • Igor Sysoev Nginx 0.1.38

  • Igor Sysoev Nginx 0.1.39

  • Igor Sysoev Nginx 0.1.4

  • Igor Sysoev Nginx 0.1.40

  • Igor Sysoev Nginx 0.1.41

  • Igor Sysoev Nginx 0.1.42

  • Igor Sysoev Nginx 0.1.43

  • Igor Sysoev Nginx 0.1.44

  • Igor Sysoev Nginx 0.1.45

  • Igor Sysoev Nginx 0.1.5

  • Igor Sysoev Nginx 0.1.6

  • Igor Sysoev Nginx 0.1.7

  • Igor Sysoev Nginx 0.1.8

  • Igor Sysoev Nginx 0.1.9

  • Igor Sysoev Nginx 0.2.0

  • Igor Sysoev Nginx 0.2.1

  • Igor Sysoev Nginx 0.2.2

  • Igor Sysoev Nginx 0.2.3

  • Igor Sysoev Nginx 0.2.4

  • Igor Sysoev Nginx 0.2.5

  • Igor Sysoev Nginx 0.2.6

  • Igor Sysoev Nginx 0.3.0

  • Igor Sysoev Nginx 0.3.1

  • Igor Sysoev Nginx 0.3.10

  • Igor Sysoev Nginx 0.3.11

  • Igor Sysoev Nginx 0.3.12

  • Igor Sysoev Nginx 0.3.13

  • Igor Sysoev Nginx 0.3.14

  • Igor Sysoev Nginx 0.3.15

  • Igor Sysoev Nginx 0.3.16

  • Igor Sysoev Nginx 0.3.17

  • Igor Sysoev Nginx 0.3.18

  • Igor Sysoev Nginx 0.3.19

  • Igor Sysoev Nginx 0.3.2

  • Igor Sysoev Nginx 0.3.20

  • Igor Sysoev Nginx 0.3.21

  • Igor Sysoev Nginx 0.3.22

  • Igor Sysoev Nginx 0.3.23

  • Igor Sysoev Nginx 0.3.24

  • Igor Sysoev Nginx 0.3.25

  • Igor Sysoev Nginx 0.3.26

  • Igor Sysoev Nginx 0.3.27

  • Igor Sysoev Nginx 0.3.28

  • Igor Sysoev Nginx 0.3.29

  • Igor Sysoev Nginx 0.3.3

  • Igor Sysoev Nginx 0.3.30

  • Igor Sysoev Nginx 0.3.31

  • Igor Sysoev Nginx 0.3.32

  • Igor Sysoev Nginx 0.3.33

  • Igor Sysoev Nginx 0.3.34

  • Igor Sysoev Nginx 0.3.35

  • Igor Sysoev Nginx 0.3.36

  • Igor Sysoev Nginx 0.3.37

  • Igor Sysoev Nginx 0.3.38

  • Igor Sysoev Nginx 0.3.39

  • Igor Sysoev Nginx 0.3.4

  • Igor Sysoev Nginx 0.3.40

  • Igor Sysoev Nginx 0.3.41

  • Igor Sysoev Nginx 0.3.42

  • Igor Sysoev Nginx 0.3.43

  • Igor Sysoev Nginx 0.3.44

  • Igor Sysoev Nginx 0.3.45

  • Igor Sysoev Nginx 0.3.46

  • Igor Sysoev Nginx 0.3.47

  • Igor Sysoev Nginx 0.3.48

  • Igor Sysoev Nginx 0.3.49

  • Igor Sysoev Nginx 0.3.5

  • Igor Sysoev Nginx 0.3.50

  • Igor Sysoev Nginx 0.3.51

  • Igor Sysoev Nginx 0.3.52

  • Igor Sysoev Nginx 0.3.53

  • Igor Sysoev Nginx 0.3.54

  • Igor Sysoev Nginx 0.3.55

  • Igor Sysoev Nginx 0.3.56

  • Igor Sysoev Nginx 0.3.57

  • Igor Sysoev Nginx 0.3.58

  • Igor Sysoev Nginx 0.3.59

  • Igor Sysoev Nginx 0.3.6

  • Igor Sysoev Nginx 0.3.60

  • Igor Sysoev Nginx 0.3.61

  • Igor Sysoev Nginx 0.3.7

  • Igor Sysoev Nginx 0.3.8

  • Igor Sysoev Nginx 0.3.9

  • Igor Sysoev Nginx 0.4.0

  • Igor Sysoev Nginx 0.4.1

  • Igor Sysoev Nginx 0.4.10

  • Igor Sysoev Nginx 0.4.11

  • Igor Sysoev Nginx 0.4.12

  • Igor Sysoev Nginx 0.4.13

  • Igor Sysoev Nginx 0.4.14

  • Igor Sysoev Nginx 0.4.2

  • Igor Sysoev Nginx 0.4.3

  • Igor Sysoev Nginx 0.4.4

  • Igor Sysoev Nginx 0.4.5

  • Igor Sysoev Nginx 0.4.6

  • Igor Sysoev Nginx 0.4.7

  • Igor Sysoev Nginx 0.4.8

  • Igor Sysoev Nginx 0.4.9

  • Igor Sysoev Nginx 0.5.0

  • Igor Sysoev Nginx 0.5.1

  • Igor Sysoev Nginx 0.5.10

  • Igor Sysoev Nginx 0.5.11

  • Igor Sysoev Nginx 0.5.12

  • Igor Sysoev Nginx 0.5.13

  • Igor Sysoev Nginx 0.5.14

  • Igor Sysoev Nginx 0.5.15

  • Igor Sysoev Nginx 0.5.16

  • Igor Sysoev Nginx 0.5.17

  • Igor Sysoev Nginx 0.5.18

  • Igor Sysoev Nginx 0.5.19

  • Igor Sysoev Nginx 0.5.2

  • Igor Sysoev Nginx 0.5.20

  • Igor Sysoev Nginx 0.5.21

  • Igor Sysoev Nginx 0.5.22

  • Igor Sysoev Nginx 0.5.23

  • Igor Sysoev Nginx 0.5.24

  • Igor Sysoev Nginx 0.5.25

  • Igor Sysoev Nginx 0.5.3

  • Igor Sysoev Nginx 0.5.4

  • Igor Sysoev Nginx 0.5.5

  • Igor Sysoev Nginx 0.5.6

  • Igor Sysoev Nginx 0.5.7

  • Igor Sysoev Nginx 0.5.8

  • Igor Sysoev Nginx 0.5.9

  • Igor Sysoev Nginx 0.6.0

  • Igor Sysoev Nginx 0.6.1

  • Igor Sysoev Nginx 0.6.10

  • Igor Sysoev Nginx 0.6.11

  • Igor Sysoev Nginx 0.6.12

  • Igor Sysoev Nginx 0.6.13

  • Igor Sysoev Nginx 0.6.14

  • Igor Sysoev Nginx 0.6.15

  • Igor Sysoev Nginx 0.6.16

  • Igor Sysoev Nginx 0.6.17

  • Igor Sysoev Nginx 0.6.18

  • Igor Sysoev Nginx 0.6.19

  • Igor Sysoev Nginx 0.6.2

  • Igor Sysoev Nginx 0.6.20

  • Igor Sysoev Nginx 0.6.21

  • Igor Sysoev Nginx 0.6.22

  • Igor Sysoev Nginx 0.6.23

  • Igor Sysoev Nginx 0.6.24

  • Igor Sysoev Nginx 0.6.25

  • Igor Sysoev Nginx 0.6.26

  • Igor Sysoev Nginx 0.6.27

  • Igor Sysoev Nginx 0.6.28

  • Igor Sysoev Nginx 0.6.29

  • Igor Sysoev Nginx 0.6.3

  • Igor Sysoev Nginx 0.6.30

  • Igor Sysoev Nginx 0.6.31

  • Igor Sysoev Nginx 0.6.4

  • Igor Sysoev Nginx 0.6.5

  • Igor Sysoev Nginx 0.6.6

  • Igor Sysoev Nginx 0.6.7

  • Igor Sysoev Nginx 0.6.8

  • Igor Sysoev Nginx 0.6.9

  • Igor Sysoev Nginx 0.7.0

  • Igor Sysoev Nginx 0.7.1

  • Igor Sysoev Nginx 0.7.10

  • Igor Sysoev Nginx 0.7.11

  • Igor Sysoev Nginx 0.7.12

  • Igor Sysoev Nginx 0.7.13

  • Igor Sysoev Nginx 0.7.14

  • Igor Sysoev Nginx 0.7.15

  • Igor Sysoev Nginx 0.7.16

  • Igor Sysoev Nginx 0.7.17

  • Igor Sysoev Nginx 0.7.18

  • Igor Sysoev Nginx 0.7.19

  • Igor Sysoev Nginx 0.7.2

  • Igor Sysoev Nginx 0.7.20

  • Igor Sysoev Nginx 0.7.21

  • Igor Sysoev Nginx 0.7.22

  • Igor Sysoev Nginx 0.7.23

  • Igor Sysoev Nginx 0.7.24

  • Igor Sysoev Nginx 0.7.25

  • Igor Sysoev Nginx 0.7.26

  • Igor Sysoev Nginx 0.7.27

  • Igor Sysoev Nginx 0.7.28

  • Igor Sysoev Nginx 0.7.29

  • Igor Sysoev Nginx 0.7.3

  • Igor Sysoev Nginx 0.7.30

  • Igor Sysoev Nginx 0.7.31

  • Igor Sysoev Nginx 0.7.32

  • Igor Sysoev Nginx 0.7.33

  • Igor Sysoev Nginx 0.7.34

  • Igor Sysoev Nginx 0.7.35

  • Igor Sysoev Nginx 0.7.36

  • Igor Sysoev Nginx 0.7.37

  • Igor Sysoev Nginx 0.7.38

  • Igor Sysoev Nginx 0.7.39

  • Igor Sysoev Nginx 0.7.4

  • Igor Sysoev Nginx 0.7.40

  • Igor Sysoev Nginx 0.7.41

  • Igor Sysoev Nginx 0.7.42

  • Igor Sysoev Nginx 0.7.43

  • Igor Sysoev Nginx 0.7.44

  • Igor Sysoev Nginx 0.7.45

  • Igor Sysoev Nginx 0.7.46

  • Igor Sysoev Nginx 0.7.47

  • Igor Sysoev Nginx 0.7.48

  • Igor Sysoev Nginx 0.7.49

  • Igor Sysoev Nginx 0.7.5

  • Igor Sysoev Nginx 0.7.50

  • Igor Sysoev Nginx 0.7.51

  • Igor Sysoev Nginx 0.7.52

  • Igor Sysoev Nginx 0.7.53

  • Igor Sysoev Nginx 0.7.54

  • Igor Sysoev Nginx 0.7.55

  • Igor Sysoev Nginx 0.7.56

  • Igor Sysoev Nginx 0.7.57

  • Igor Sysoev Nginx 0.7.58

  • Igor Sysoev Nginx 0.7.59

  • Igor Sysoev Nginx 0.7.6

  • Igor Sysoev Nginx 0.7.7

  • Igor Sysoev Nginx 0.7.8

  • Igor Sysoev Nginx 0.7.9

  • Igor Sysoev Nginx 0.8.0

  • Igor Sysoev Nginx 0.8.1

  • Igor Sysoev Nginx 0.8.10

  • Igor Sysoev Nginx 0.8.11

  • Igor Sysoev Nginx 0.8.12

  • Igor Sysoev Nginx 0.8.13

  • Igor Sysoev Nginx 0.8.14

  • Igor Sysoev Nginx 0.8.15

  • Igor Sysoev Nginx 0.8.16

  • Igor Sysoev Nginx 0.8.17

  • Igor Sysoev Nginx 0.8.18

  • Igor Sysoev Nginx 0.8.19

  • Igor Sysoev Nginx 0.8.2

  • Igor Sysoev Nginx 0.8.20

  • Igor Sysoev Nginx 0.8.21

  • Igor Sysoev Nginx 0.8.22

  • Igor Sysoev Nginx 0.8.23

  • Igor Sysoev Nginx 0.8.24

  • Igor Sysoev Nginx 0.8.25

  • Igor Sysoev Nginx 0.8.26

  • Igor Sysoev Nginx 0.8.27

  • Igor Sysoev Nginx 0.8.28

  • Igor Sysoev Nginx 0.8.29

  • Igor Sysoev Nginx 0.8.3

  • Igor Sysoev Nginx 0.8.30

  • Igor Sysoev Nginx 0.8.31

  • Igor Sysoev Nginx 0.8.32

  • Igor Sysoev Nginx 0.8.33

  • Igor Sysoev Nginx 0.8.34

  • Igor Sysoev Nginx 0.8.35

  • Igor Sysoev Nginx 0.8.36

  • Igor Sysoev Nginx 0.8.37

  • Igor Sysoev Nginx 0.8.38

  • Igor Sysoev Nginx 0.8.39

  • Igor Sysoev Nginx 0.8.4

  • Igor Sysoev Nginx 0.8.40

  • Igor Sysoev Nginx 0.8.41

  • Igor Sysoev Nginx 0.8.42

  • Igor Sysoev Nginx 0.8.43

  • Igor Sysoev Nginx 0.8.44

  • Igor Sysoev Nginx 0.8.45

  • Igor Sysoev Nginx 0.8.46

  • Igor Sysoev Nginx 0.8.47

  • Igor Sysoev Nginx 0.8.48

  • Igor Sysoev Nginx 0.8.49

  • Igor Sysoev Nginx 0.8.5

  • Igor Sysoev Nginx 0.8.50

  • Igor Sysoev Nginx 0.8.51

  • Igor Sysoev Nginx 0.8.52

  • Igor Sysoev Nginx 0.8.53

  • Igor Sysoev Nginx 0.8.6

  • Igor Sysoev Nginx 0.8.7

  • Igor Sysoev Nginx 0.8.8

  • Igor Sysoev Nginx 0.8.9

  • Igor Sysoev Nginx 0.9.0

  • Igor Sysoev Nginx 0.9.1

  • Igor Sysoev Nginx 0.9.2

  • Igor Sysoev Nginx 0.9.3

  • Igor Sysoev Nginx 0.9.4

  • Igor Sysoev Nginx 0.9.5

  • Igor Sysoev Nginx 0.9.6

  • Igor Sysoev Nginx 0.9.7

  • Igor Sysoev Nginx 1.0.0

  • Igor Sysoev Nginx 1.0.1

  • Igor Sysoev Nginx 1.0.10

  • Igor Sysoev Nginx 1.0.11

  • Igor Sysoev Nginx 1.0.12

  • Igor Sysoev Nginx 1.0.13

  • Igor Sysoev Nginx 1.0.14

  • Igor Sysoev Nginx 1.0.2

  • Igor Sysoev Nginx 1.0.3

  • Igor Sysoev Nginx 1.0.4

  • Igor Sysoev Nginx 1.0.5

  • Igor Sysoev Nginx 1.0.6

  • Igor Sysoev Nginx 1.0.7

  • Igor Sysoev Nginx 1.0.8

  • Igor Sysoev Nginx 1.0.9

  • Igor Sysoev Nginx 1.1.0

  • Igor Sysoev Nginx 1.1.1

  • Igor Sysoev Nginx 1.1.10

  • Igor Sysoev Nginx 1.1.11

  • Igor Sysoev Nginx 1.1.12

  • Igor Sysoev Nginx 1.1.13

  • Igor Sysoev Nginx 1.1.14

  • Igor Sysoev Nginx 1.1.15

  • Igor Sysoev Nginx 1.1.16

  • Igor Sysoev Nginx 1.1.2

  • Igor Sysoev Nginx 1.1.3

  • Igor Sysoev Nginx 1.1.4

  • Igor Sysoev Nginx 1.1.5

  • Igor Sysoev Nginx 1.1.6

  • Igor Sysoev Nginx 1.1.7

  • Igor Sysoev Nginx 1.1.8

  • Igor Sysoev Nginx 1.1.9


References

MLIST - [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers

MLIST - [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers

CONFIRM - http://trac.nginx.org/nginx/changeset/4531/nginx

CONFIRM - http://trac.nginx.org/nginx/changeset/4530/nginx

BUGTRAQ - 20120315 nginx fix for malformed HTTP responses from upstream servers

CONFIRM - http://nginx.org/en/security_advisories.html

CONFIRM - http://nginx.org/download/patch.2012.memory.txt

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=803856

XF - nginx-ngxcpystrn-info-disclosure(74191)

SECTRACK - 1026827

BID - 52578

GENTOO - GLSA-201203-22

SECUNIA - 48577

SECUNIA - 48465

FEDORA - FEDORA-2012-4006

FEDORA - FEDORA-2012-3991

FEDORA - FEDORA-2012-3846

OSVDB - 80124


Last Updated: 27 May 2016 10:57:30