Vulnerability Details CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2013/01/03/8
- http://www.securityfocus.com/bid/57139
- https://access.redhat.com/security/cve/cve-2011-4968
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80952
- https://security-tracker.debian.org/tracker/CVE-2011-4968
- http://www.openwall.com/lists/oss-security/2013/01/03/8
- http://www.securityfocus.com/bid/57139
- https://access.redhat.com/security/cve/cve-2011-4968
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80952
- https://security-tracker.debian.org/tracker/CVE-2011-4968
Products affected by CVE-2011-4968
-
cpe:2.3:a:f5:nginx:0.7.61
-
cpe:2.3:a:f5:nginx:0.7.62
-
cpe:2.3:a:f5:nginx:0.7.64
-
cpe:2.3:a:f5:nginx:0.7.65
-
cpe:2.3:a:f5:nginx:0.7.66
-
cpe:2.3:a:f5:nginx:0.8.33
-
cpe:2.3:a:f5:nginx:0.8.35
-
cpe:2.3:a:f5:nginx:0.8.36
-
cpe:2.3:a:f5:nginx:0.8.40
-
cpe:2.3:a:f5:nginx:1.2.6
-
cpe:2.3:o:debian:debian_linux:8.0