Showing 1 - 7 of 7

CVE-2019-20372

Status Candidate

Overview

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Related Files

Apple Security Advisory 2021-09-20-4: Posted Sep 22, 2021; Authored by Apple | Site apple.com; Apple Security Advisory 2021-09-20-4 - Xcode 13 addresses multiple issues in nginx.; tags | advisory; systems | apple; advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2017-7529, CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-20372; SHA-256 | e298f65735c01199cc9782cb84a35d40ade27a44f1619154f005170a70f23d97; Download | Favorite | View

Red Hat Security Advisory 2021-0778-01: Posted Mar 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.; tags | advisory, web, vulnerability, code execution, xss; systems | linux, redhat; advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971; SHA-256 | b36485939bcc96f4f05a1b61fcc6c6e3aefa7b635d0f1eb06d546cdccf61da2a; Download | Favorite | View

Red Hat Security Advisory 2021-0779-01: Posted Mar 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.; tags | advisory, web, vulnerability; systems | linux, redhat; advisories | CVE-2019-20372, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253; SHA-256 | ffea5b924d380661bcc8195b96557d4036aa09a293d42a21776c1077e68571d1; Download | Favorite | View

Red Hat Security Advisory 2020-5495-01: Posted Dec 16, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-5495-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.; tags | advisory, web, protocol; systems | linux, redhat; advisories | CVE-2019-20372; SHA-256 | 662ff82ffc286989c26d768c1895ecb6e49567a23a05aa27edfa7ace5d971eed; Download | Favorite | View

Red Hat Security Advisory 2020-2817-01: Posted Jul 2, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2817-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.; tags | advisory, web, protocol; systems | linux, redhat; advisories | CVE-2019-20372; SHA-256 | 8532ff6109d76302c144b3361db60c0aa50758a60d06b2d79ebf30dee7c39f74; Download | Favorite | View

Ubuntu Security Notice USN-4235-2: Posted Jan 15, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2019-20372; SHA-256 | f27f4f464dca0131a740388b68a10b2b2016cf4c60d9b6cb1e1399592aeffdcd; Download | Favorite | View

Ubuntu Security Notice USN-4235-1: Posted Jan 13, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2019-20372; SHA-256 | 044027ea326db3fb6aae4672a92bf7f3e07587ae3b37e7ae041b1440fcb590e1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2019-20372

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems