nginx ngx_http_proxy_module.c Memory Disclosure

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a remote memory disclosure
vulnerability.

Description :

According to its Server response header, the installed version of nginx
is 1.1.x equal to or later than 1.1.4, or 1.2.x prior to 1.2.9. It is,
therefore, affected by a memory disclosure vulnerability in
'ngx_http_proxy_module.c' when 'proxy_pass' is used with untrusted
upstream servers.

By sending a specially crafted request, an attacker may be able to gain
access to worker process memory or trigger a denial of service.

Solution :

Either apply the patch manually or upgrade to nginx 1.2.9 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 66671

Bugtraq ID: 59824

CVE ID: CVE-2013-2070