CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

10 Nov 2021, 15:57

Type Values Removed Values Added
CPE cpe:2.3:a:nginx:nginx:0.8.36:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.7.61:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.8.40:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.7.62:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.8.33:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.7.64:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.8.35:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.7.66:*:*:*:*:*:*:*
cpe:2.3:a:nginx:nginx:0.7.65:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968 - Issue Tracking, Issue Tracking, Patch, Third Party Advisory (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2019-11-19 16:15

Updated : 2024-02-04 20:39


NVD link : CVE-2011-4968

Mitre link : CVE-2011-4968

CVE.ORG link : CVE-2011-4968


JSON object : View

Products Affected

debian

  • debian_linux

f5

  • nginx
CWE
CWE-20

Improper Input Validation