CVE-2013-2070 (retired)

Priority
Description
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0
through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows
remote attackers to cause a denial of service (crash) and obtain sensitive
information from worker process memory via a crafted proxy response, a
similar vulnerability to CVE-2013-2028.
Notes
 jdstrand> per upstream 1.1.4 and higher
Package
Source: nginx (LP Ubuntu Debian)
Upstream:released (1.4.1-1)
Patches:
Other:http://nginx.org/download/patch.2013.proxy.txt
More Information

Updated: 2019-09-19 15:44:23 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)