nginx ngx_http_proxy_module.c Memory Disclosure
Medium Nessus Plugin ID 66671
SynopsisThe remote web server is affected by a remote memory disclosure vulnerability.
DescriptionAccording to its Server response header, the installed version of nginx is 1.1.x, greater than or equal to 1.1.4, or 1.2.x prior to 1.2.9. It is, therefore, affected by a memory disclosure vulnerability in 'ngx_http_proxy_module.c' when 'proxy_pass' to untrusted upstream servers is used.
By sending a specially crafted request, an attacker may be able to gain access to worker process memory or trigger a denial of service condition.
SolutionEither apply the patch manually or upgrade to nginx 1.2.9 or later.