Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-2434-1:9B577
HistoryMar 19, 2012 - 10:56 p.m.

[SECURITY] [DSA 2434-1] nginx security update

2012-03-1922:56:59
lists.debian.org
11

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Debian Security Advisory DSA-2434-1 [email protected]
http://www.debian.org/security/ Luciano Bello
March 19, 2012 http://www.debian.org/security/faq

Package : nginx
Vulnerability : sensitive information leak
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1180
Debian Bug : 664137

Matthew Daley discovered a memory disclosure vulnerability in nginx. In
previous versions of this web server, an attacker can receive the content of
previously freed memory if an upstream server returned a specially crafted HTTP
response, potentially exposing sensitive information.

For the stable distribution (squeeze), this problem has been fixed in
version 0.7.67-3+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.17-1.

We recommend that you upgrade your nginx packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6sparcnginx-dbg< 0.7.67-3+squeeze2nginx-dbg_0.7.67-3+squeeze2_sparc.deb
Debian6ia64nginx< 0.7.67-3+squeeze2nginx_0.7.67-3+squeeze2_ia64.deb
Debian6mipsnginx< 0.7.67-3+squeeze2nginx_0.7.67-3+squeeze2_mips.deb
Debian6kfreebsd-i386nginx< 0.7.67-3+squeeze2nginx_0.7.67-3+squeeze2_kfreebsd-i386.deb
Debian6kfreebsd-amd64nginx< 0.7.67-3+squeeze2nginx_0.7.67-3+squeeze2_kfreebsd-amd64.deb
Debian6powerpcnginx-dbg< 0.7.67-3+squeeze2nginx-dbg_0.7.67-3+squeeze2_powerpc.deb
Debian6powerpcnginx< 0.7.67-3+squeeze2nginx_0.7.67-3+squeeze2_powerpc.deb
Debian6amd64nginx< 0.7.67-3+squeeze2nginx_0.7.67-3+squeeze2_amd64.deb
Debian6kfreebsd-i386nginx-dbg< 0.7.67-3+squeeze2nginx-dbg_0.7.67-3+squeeze2_kfreebsd-i386.deb
Debian6amd64nginx-dbg< 0.7.67-3+squeeze2nginx-dbg_0.7.67-3+squeeze2_amd64.deb
Rows per page:
1-10 of 231

Related

openvas 19
nessus 10
securityvulns 1
fedora 5
seebug 1
prion 1
ubuntucve 1
debiancve 1
nginx 1
amazon 1
cve 1
gentoo 1
openvas
openvas
Fedora Update for nginx FEDORA-2012-3991
2012-04-02 00:00:00
Fedora Update for nginx FEDORA-2012-4006
2012-04-02 00:00:00
Debian: Security Advisory (DSA-2434-1)
2012-04-30 00:00:00
nessus
nessus
Fedora 15 : nginx-1.0.14-1.fc15 (2012-4006)
2012-04-02 00:00:00
Amazon Linux AMI : nginx (ALAS-2012-63)
2013-09-04 00:00:00
Fedora 16 : nginx-1.0.14-1.fc16 (2012-3991)
2012-04-02 00:00:00
securityvulns
securityvulns
nginx information leakage
2012-03-17 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: nginx-1.0.14-1.fc16
2012-03-31 03:08:07
[SECURITY] Fedora 17 Update: nginx-1.0.14-1.fc17
2012-04-12 03:27:59
[SECURITY] Fedora 15 Update: nginx-1.0.14-1.fc15
2012-03-31 03:14:27
seebug
seebug
nginx 'ngx_cpystrn()'信息泄露漏洞(CVE-2012-1180)
2012-03-29 00:00:00
prion
prion
Design/Logic Flaw
2012-04-17 21:55:00
ubuntucve
ubuntucve
CVE-2012-1180
2012-04-17 00:00:00
debiancve
debiancve
CVE-2012-1180
2012-04-17 21:55:00
nginx
nginx
Memory disclosure with specially crafted backend responses
2012-04-17 21:55:00
amazon
amazon
Medium: nginx
2012-04-05 12:50:00
cve
cve
CVE-2012-1180
2012-04-17 21:55:00
gentoo
gentoo
nginx: Multiple vulnerabilities
2012-03-28 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON
Related for DEBIAN:DSA-2434-1:9B577
openvas19nessus10securityvulns1fedora5seebug1prion1ubuntucve1debiancve1nginx1amazon1cve1gentoo1