CVE-2012-1180

medium

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

3.1%

Exploitation probability in 30 days

Top 13% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: April 17, 2012 (5139 days ago)

Last Modified: April 29, 2026

Vendor: F5

Source: NVD

Description

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

CWE

CWE-416

Affected Products

f5 nginxfedoraproject fedoradebian debian linux

References

🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org 🔗 nginx.org 🔗 nginx.org

CVE-2012-1180

Vulnerability Report

Description

CWE

Affected Products

References