Description

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Remediation

References

CVE-2012-1180

Related Vulnerabilities

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3738)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32809)

Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-7489)

Severity

Medium

Classification

CVE-2012-1180 CWE-416

Tags

Missing Update Known Vulnerabilities