Candidate: CVE-2013-2070
PublicDate: 2013-07-20 03:37:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070
 http://www.openwall.com/lists/oss-security/2013/05/13/3
Description:
 http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and
 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers,
 allows remote attackers to cause a denial of service (crash) and obtain
 sensitive information from worker process memory via a crafted proxy
 response, a similar vulnerability to CVE-2013-2028.
Ubuntu-Description:
Notes:
 jdstrand> per upstream 1.1.4 and higher
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164
 https://launchpad.net/bugs/1182586
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_nginx:
 other: http://nginx.org/download/patch.2013.proxy.txt
upstream_nginx: released (1.4.1-1)
lucid_nginx: not-affected (0.7.65-1ubuntu2.3)
precise_nginx: released (1.1.19-1ubuntu0.2)
quantal_nginx: released (1.2.1-2.2ubuntu0.1)
raring_nginx: released (1.2.6-1ubuntu3.2)
devel_nginx: not-affected (1.4.1-1ubuntu2)