CVE-2013-2070
nginx - nginx security update
EPSS 6.8%
Description
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
How to fix CVE-2013-2070
To remediate CVE-2013-2070, upgrade the affected package to a fixed version below.
- Debian/nginx—upgrade to 1.4.1-1 or later
- Debian/nginx—upgrade to 1.2.1-2.2+wheezy1 or later
Is CVE-2013-2070 being exploited?
Moderate — EPSS is 6.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.4.1-1
- from 0, < 1.2.1-2.2+wheezy1