What is CVE-2013-2070?

CVE-2013-2070 is a vulnerability in F5 Nginx. Published 2013-07-20.

Is CVE-2013-2070 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in F5 Nginx

CVE-2013-2070

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information f…

EPSS: 0.068 (91.5th percentile) — read the EPSS interpretation.

Affected products

F5 Nginx
Debian Debian_linux — versions 6.0, 7.0
N/a — versions n/a

Public proof-of-concept exploits

References

DSA-2721 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
[oss-security] 20130513 nginx security advisory (CVE-2013-2070) (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
[nginx-announce] 20130513 nginx security advisory (CVE-2013-2070) (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
55181 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
FEDORA-2013-8182 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
59824 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (Patch, x_refsource_MISC, Vendor Advisory)
[oss-security] 20130507 Re: nginx security advisory (CVE-2013-2028) (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
GLSA-201310-04 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2013-2070?: CVE-2013-2070 is a vulnerability in F5 Nginx. Published 2013-07-20.
Is CVE-2013-2070 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.