Medium severity5.3NVD Advisory· Published Jan 9, 2020· Updated Jun 17, 2026
CVE-2019-20372
CVE-2019-20372
Description
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- NGINX/NGINXdescription
- osv-coords7 versionspkg:rpm/opensuse/nginx&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 1.14.2-lp151.4.6.1+ 6 more
- (no CPE)range: < 1.14.2-lp151.4.6.1
- (no CPE)range: < 1.21.3-1.4
- (no CPE)range: < 1.16.1-3.12.7
- (no CPE)range: < 1.16.1-3.12.7
- (no CPE)range: < 1.14.2-6.7.1
- (no CPE)range: < 1.16.1-3.12.7
- (no CPE)range: < 1.16.1-3.12.7
Patches
Vulnerability mechanics
References
11- github.com/kubernetes/ingress-nginx/pull/4859nvdPatchThird Party Advisory
- github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94envdPatchVendor Advisory
- bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdfnvdExploitMitigationThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.htmlnvdMailing ListThird Party Advisory
- nginx.org/en/CHANGESnvdMitigationRelease NotesVendor Advisory
- seclists.org/fulldisclosure/2021/Sep/36nvdMailing ListThird Party Advisory
- duo.com/docs/dng-notesnvdRelease NotesThird Party Advisory
- security.netapp.com/advisory/ntap-20200127-0003/nvdThird Party Advisory
- support.apple.com/kb/HT212818nvdThird Party Advisory
- usn.ubuntu.com/4235-1/nvdThird Party Advisory
- usn.ubuntu.com/4235-2/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.