Test ID:	1.3.6.1.4.1.25623.1.0.103469
Category:	Web Servers
Title:	nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
Summary:	nginx is prone to an information disclosure vulnerability.
Description:	Summary: nginx is prone to an information disclosure vulnerability. Vulnerability Impact: Attackers can exploit this issue to harvest sensitive information that may lead to further attacks. Solution: Updates are available. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1180 1026827 http://www.securitytracker.com/id?1026827 20120315 nginx fix for malformed HTTP responses from upstream servers http://seclists.org/bugtraq/2012/Mar/65 48465 http://secunia.com/advisories/48465 48577 http://secunia.com/advisories/48577 52578 http://www.securityfocus.com/bid/52578 80124 http://osvdb.org/80124 DSA-2434 http://www.debian.org/security/2012/dsa-2434 FEDORA-2012-3846 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html FEDORA-2012-3991 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html FEDORA-2012-4006 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml MDVSA-2012:043 http://www.mandriva.com/security/advisories?name=MDVSA-2012:043 [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/5 [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/9 http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://trac.nginx.org/nginx/changeset/4530/nginx http://trac.nginx.org/nginx/changeset/4531/nginx https://bugzilla.redhat.com/show_bug.cgi?id=803856 nginx-ngxcpystrn-info-disclosure(74191) https://exchange.xforce.ibmcloud.com/vulnerabilities/74191 openSUSE-SU-2012:0469 https://hermes.opensuse.org/messages/14173096
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.