Opened 6 years ago

Closed 6 years ago

#228 closed defect (invalid)

TrustWave PCI scan reports CVE-2012-1180 for version 1.2.3

Reported by: www.google.com/accounts/o8/id?id=AItOawmwELB6GmOANxJ5HZt0tA7sA16GvJkTAQ0
Owned by: somebody
Priority: critical
Milestone:
Component: nginx-core
Version: 1.2.x
Keywords: CVE-2012-1180 pci fail
Cc: greg@…
uname -a: Linux lb-01.tribalnovakids.com 2.6.18-274.17.1.el5xen #1 SMP Tue Jan 10 18:06:37 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.2.3 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-52) TLS SNI support disabled configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -m64 -mtune=generic'

Description

Using the RPM from the YUM repository.

Perhaps the fix was not ported into the 1.2 branch?

Change History (1)

comment:1 Changed 6 years ago by mdounin

  • Resolution set to invalid
  • Status changed from new to closed

This problem was fixed in nginx 1.1.17, which is before 1.2.x, and all versions in the 1.2.x branch have the fix. The fix was also ported into the 1.0.x branch; all versions starting from 1.0.14 have the fix. See http://nginx.org/en/security_advisories.html for details.
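A branch-aware version check built from the fix versions given in the comment above, as an added example that is not part of the ticket or of nginx. The function names and the "unknown" result for releases older than 1.0.x (which the comment does not cover) are assumptions of this example.

```python
import re

# Fix versions per branch, taken from the ticket comment:
# 1.1.17 on the 1.1.x branch, backported as 1.0.14 on the 1.0.x branch.
FIXED_IN_BRANCH = {(1, 0): (1, 0, 14), (1, 1): (1, 1, 17)}
FIRST_FIXED = (1, 1, 17)  # every later branch (1.2.x, ...) inherits the fix


def parse_nginx_version(text):
    """Extract (major, minor, patch) from `nginx -V` output or a Server header."""
    match = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError("no nginx/x.y.z version string found")
    return tuple(int(part) for part in match.groups())


def triage_cve_2012_1180(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for an upstream nginx version.

    The comparison is per branch: a single threshold would misjudge either
    1.0.14 (fixed, but numerically below 1.1.17) or 1.1.16 (vulnerable, but
    numerically above 1.0.14). It only sees the upstream version number, so
    a vendor package carrying a backported patch needs its changelog checked.
    """
    branch = version[:2]
    if branch in FIXED_IN_BRANCH:
        return "fixed" if version >= FIXED_IN_BRANCH[branch] else "vulnerable"
    if version > FIRST_FIXED:
        return "fixed"
    # Assumption: the ticket says nothing about branches older than 1.0.x,
    # so defer to the nginx security advisories page for those.
    return "unknown"


# First line of the `nginx -V` output quoted in this ticket.
REPORTED_BANNER = "nginx version: nginx/1.2.3"

if __name__ == "__main__":
    reported = parse_nginx_version(REPORTED_BANNER)
    print(reported, triage_cve_2012_1180(reported))
```
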
