CVE-2019-20372
published 2020-01-09
medium 5.3 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | < 13.0 | 13.0 |
| apple | xcode | — | — |
| canonical | ubuntu_linux | — | — |
| debian | nginx | < nginx 1.16.1-3 (bookworm) | nginx 1.16.1-3 (bookworm) |
| f5 | nginx | < 1.17.7 | 1.17.7 |
| f5 | nginx | >= 0 < 1.16.1-3 | 1.16.1-3 |
| f5 | nginx | >= 0 < 1.16.1-3 | 1.16.1-3 |
| f5 | nginx | >= 0 < 1.16.1-3 | 1.16.1-3 |
| f5 | nginx | >= 0 < 1.16.1-3 | 1.16.1-3 |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_nginx_1.16.1-4_on_cbl_mariner_1.0 | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvd v3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv 5.3 MEDIUM