Launchpad CVE tracker

CVE 2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Related bugs and status

CVE-2012-1180 (Candidate) is related to these bugs:

Bug #956150: March 15th 2012 Security Advisory

		In	Importance	Status
956150	March 15th 2012 Security Advisory	nginx (Ubuntu)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Lucid)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Maverick)	Medium	Won't Fix
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Natty)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Oneiric)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: http://www.securitytra...
MISC: http://seclists.org/bu...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/80124
MISC: http://www.debian.org/...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://security.gentoo...
MISC: http://www.mandriva.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://nginx.org/downl...
MISC: http://nginx.org/en/se...
MISC: http://trac.nginx.org/...
MISC: http://trac.nginx.org/...
MISC: https://exchange.xforc...
MISC: https://hermes.opensus...

Launchpad.net

CVE 2012-1180

Related bugs and status

Related bugs

References