nginx < 1.0.14 / 1.1.x < 1.1.17 Information-Disclosure
Medium Nessus Network Monitor Plugin ID 6457
SynopsisThe remote web server is affected by an information disclosure vulnerability.
DescriptionThe remote host is running a nginx HTTP server.
Versions earlier than 1.0.14(stable version) or versions earlier than 1.1.17(development version) are vulnerable to an information-disclosure vulnerability, when handling specially crafted HTTP responses. Attackers can exploit this issue to disclose the content of the previously freed memory. (CVE-2012-1180)
SolutionUpgrade to nginx 1.0.14(stable version) or 1.1.17(development version) or later.