vulnerability

Red Hat: CVE-2019-20372: HTTP request smuggling in configurations with URL redirect used as error_page (Multiple Advisories)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
2020-01-09
Added
2020-12-21
Modified
2023-12-15

Description

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Solution(s)

redhat-upgrade-nginxredhat-upgrade-nginx-all-modulesredhat-upgrade-nginx-debuginforedhat-upgrade-nginx-debugsourceredhat-upgrade-nginx-filesystemredhat-upgrade-nginx-mod-http-image-filterredhat-upgrade-nginx-mod-http-image-filter-debuginforedhat-upgrade-nginx-mod-http-perlredhat-upgrade-nginx-mod-http-perl-debuginforedhat-upgrade-nginx-mod-http-xslt-filterredhat-upgrade-nginx-mod-http-xslt-filter-debuginforedhat-upgrade-nginx-mod-mailredhat-upgrade-nginx-mod-mail-debuginforedhat-upgrade-nginx-mod-streamredhat-upgrade-nginx-mod-stream-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.