CVE-2013-2070

Severity

57%

Complexity

86%

Confidentiality

81%

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P).

Overview

Type

Nginx

First reported 11 years ago

2013-07-20 03:37:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Nginx 1.1.4

1.1.4

Nginx 1.1.6

1.1.6

Nginx 1.1.7

1.1.7

Nginx 1.1.8

1.1.8

Nginx 1.1.9

1.1.9

Nginx 1.1.10

1.1.10

Nginx 1.1.11

1.1.11

Nginx 1.1.12

1.1.12

Nginx 1.1.13

1.1.13

Nginx 1.1.15

1.1.15

Nginx 1.1.16

1.1.16

Nginx 1.1.17

1.1.17

Nginx 1.1.18

1.1.18

Nginx 1.1.19

1.1.19

Nginx 1.2.0

1.2.0

Nginx 1.3.0

1.3.0

Nginx 1.3.1

1.3.1

Nginx 1.3.2

1.3.2

Nginx 1.3.3

1.3.3

Nginx 1.3.4

1.3.4

Nginx 1.3.5

1.3.5

Nginx 1.3.6

1.3.6

Nginx 1.3.7

1.3.7

Nginx 1.3.8

1.3.8

Nginx 1.3.9

1.3.9

Nginx 1.3.10

1.3.10

Nginx 1.3.11

1.3.11

Nginx 1.3.12

1.3.12

Nginx 1.3.13

1.3.13

Nginx 1.3.14

1.3.14

Nginx 1.3.15

1.3.15

Nginx 1.3.16

1.3.16

Nginx 1.4.0

1.4.0

References

FEDORA-2013-8182

[nginx-announce] 20130513 nginx security advisory (CVE-2013-2070)

Vendor Advisory

http://nginx.org/download/patch.2013.proxy.txt

Exploit

[oss-security] 20130507 Re: nginx security advisory (CVE-2013-2028)

55181

GLSA-201310-04

DSA-2721

[oss-security] 20130513 nginx security advisory (CVE-2013-2070)

59824

https://bugzilla.redhat.com/show_bug.cgi?id=962525

nginx-cve20132070-dos(84172)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.