vulnerability
Red Hat: CVE-2019-20372: HTTP request smuggling in configurations with URL redirect used as error_page (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 2020-01-09 | 2020-12-21 | 2023-12-15 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
2020-01-09
Added
2020-12-21
Modified
2023-12-15
Description
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Solution(s)
redhat-upgrade-nginxredhat-upgrade-nginx-all-modulesredhat-upgrade-nginx-debuginforedhat-upgrade-nginx-debugsourceredhat-upgrade-nginx-filesystemredhat-upgrade-nginx-mod-http-image-filterredhat-upgrade-nginx-mod-http-image-filter-debuginforedhat-upgrade-nginx-mod-http-perlredhat-upgrade-nginx-mod-http-perl-debuginforedhat-upgrade-nginx-mod-http-xslt-filterredhat-upgrade-nginx-mod-http-xslt-filter-debuginforedhat-upgrade-nginx-mod-mailredhat-upgrade-nginx-mod-mail-debuginforedhat-upgrade-nginx-mod-streamredhat-upgrade-nginx-mod-stream-debuginfo
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.