Test ID:	1.3.6.1.4.1.25623.1.0.120585
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2012-63)
Summary:	The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2012-63 advisory.
Description:	Summary: The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2012-63 advisory. Vulnerability Insight: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Affected Software/OS: 'nginx' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1180 1026827 http://www.securitytracker.com/id?1026827 20120315 nginx fix for malformed HTTP responses from upstream servers http://seclists.org/bugtraq/2012/Mar/65 48465 http://secunia.com/advisories/48465 48577 http://secunia.com/advisories/48577 52578 http://www.securityfocus.com/bid/52578 80124 http://osvdb.org/80124 DSA-2434 http://www.debian.org/security/2012/dsa-2434 FEDORA-2012-3846 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html FEDORA-2012-3991 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html FEDORA-2012-4006 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml MDVSA-2012:043 http://www.mandriva.com/security/advisories?name=MDVSA-2012:043 [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/5 [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/9 http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://trac.nginx.org/nginx/changeset/4530/nginx http://trac.nginx.org/nginx/changeset/4531/nginx https://bugzilla.redhat.com/show_bug.cgi?id=803856 nginx-ngxcpystrn-info-disclosure(74191) https://exchange.xforce.ibmcloud.com/vulnerabilities/74191 openSUSE-SU-2012:0469 https://hermes.opensuse.org/messages/14173096
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.