Unrated severityNVD Advisory· Published Jul 20, 2013· Updated Apr 29, 2026
CVE-2013-2070
CVE-2013-2070
Description
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
Affected products
3cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- mailman.nginx.org/pipermail/nginx-announce/2013/000114.htmlnvdPatchVendor Advisory
- nginx.org/download/patch.2013.proxy.txtnvdPatchVendor Advisory
- seclists.org/oss-sec/2013/q2/291nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2013/05/13/3nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.htmlnvdThird Party Advisory
- secunia.com/advisories/55181nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201310-04.xmlnvdThird Party Advisory
- www.debian.org/security/2013/dsa-2721nvdThird Party Advisory
- www.securityfocus.com/bid/59824nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/84172nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.