nginx ngx_http_proxy_module.c Memory Disclosure

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a remote memory disclosure vulnerability.

Description :

According to its Server response header, the installed version of nginx
is 1.1.x, greater than or equal to 1.1.4, or 1.2.x prior to 1.2.9. It
is, therefore, affected by a memory disclosure vulnerability in
'ngx_http_proxy_module.c' when 'proxy_pass' to untrusted upstream
servers is used.

By sending a specially crafted request, an attacker may be able to gain
access to worker process memory or trigger a denial of service.

Solution :

Either apply the patch manually or upgrade to nginx 1.2.9 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 4.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 66671

Bugtraq ID: 59824

CVE ID: CVE-2013-2070
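
The banner-based range check described above can be reproduced over an asset inventory. The following is an added example, not the Nessus plugin's own code; the function names, result labels and sample hosts are assumptions made for illustration.

```python
import re

# Range stated on this page: 1.1.x at or above 1.1.4, or 1.2.x before 1.2.9.
FIRST_IN_RANGE_1_1 = (1, 1, 4)
FIRST_FIXED_1_2 = (1, 2, 9)

def classify_server_header(value):
    """Map a Server header to in-range / out-of-range / version-hidden / not-nginx."""
    m = re.match(r"\s*nginx(?:/(\S+))?(?:\s|$)", value or "", re.I)
    if not m:
        return "not-nginx"  # also covers a missing Server header
    parts = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", m.group(1) or "")
    if not parts:
        # e.g. "server_tokens off" yields a bare "nginx": the banner proves nothing
        return "version-hidden"
    version = tuple(int(p) for p in parts.groups())
    if version[:2] == (1, 1):
        return "in-range" if version >= FIRST_IN_RANGE_1_1 else "out-of-range"
    if version[:2] == (1, 2):
        return "in-range" if version < FIRST_FIXED_1_2 else "out-of-range"
    return "out-of-range"  # branches this page does not list

def triage(inventory):
    """Group hosts by banner result for follow-up."""
    groups = {}
    for host, header in inventory.items():
        groups.setdefault(classify_server_header(header), []).append(host)
    return groups

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "edge1.example.test": "nginx/1.2.8",
    "edge2.example.test": "nginx/1.2.9",
    "edge3.example.test": "nginx/1.1.19 (Ubuntu)",
    "edge4.example.test": "nginx",
    "app1.example.test": "Apache/2.2.22",
}

if __name__ == "__main__":
    for result, hosts in sorted(triage(SAMPLE).items()):
        print(result, hosts)
```

An in-range banner cannot distinguish a manually patched build from an unpatched one, and the issue applies only where 'proxy_pass' points to untrusted upstream servers, so in-range and version-hidden hosts still need a configuration and package review.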
