CVE-2011-4968
MEDIUMnginx - Man-in-the-Middle Attack via HTTP Proxy Module
Title source: llmDescription
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
References (7)
Core 7
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-4968
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968
Broken Link x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-4968
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/01/03/8
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/57139
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/80952
Scores
CVSS v3
4.8
EPSS
0.0039
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (11)
debian/debian_linux
8.0
f5/nginx
0.7.61
f5/nginx
0.7.62
f5/nginx
0.7.64
f5/nginx
0.7.65
f5/nginx
0.7.66
f5/nginx
0.8.33
f5/nginx
0.8.35
f5/nginx
0.8.36
f5/nginx
0.8.40
... and 1 more
Published
Nov 19, 2019
Tracked Since
Feb 18, 2026