Unrated severityNVD Advisory· Published Jan 9, 2020· Updated Aug 5, 2024
CVE-2019-20372
CVE-2019-20372
Description
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- NGINX/NGINXdescription
- osv-coords7 versionspkg:rpm/opensuse/nginx&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 1.14.2-lp151.4.6.1+ 6 more
- (no CPE)range: < 1.14.2-lp151.4.6.1
- (no CPE)range: < 1.21.3-1.4
- (no CPE)range: < 1.16.1-3.12.7
- (no CPE)range: < 1.16.1-3.12.7
- (no CPE)range: < 1.14.2-6.7.1
- (no CPE)range: < 1.16.1-3.12.7
- (no CPE)range: < 1.16.1-3.12.7
Patches
Vulnerability mechanics
References
11- lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4235-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4235-2/mitrevendor-advisoryx_refsource_UBUNTU
- nginx.org/en/CHANGESmitrex_refsource_MISC
- seclists.org/fulldisclosure/2021/Sep/36mitremailing-listx_refsource_FULLDISC
- bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdfmitrex_refsource_MISC
- duo.com/docs/dng-notesmitrex_refsource_MISC
- github.com/kubernetes/ingress-nginx/pull/4859mitrex_refsource_MISC
- github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94emitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200127-0003/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT212818mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.