Showing 1 - 7 of 7

CVE-2019-20372

Status Candidate

Overview

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Related Files

Apple Security Advisory 2021-09-20-4: Posted Sep 22, 2021; Authored by Apple | Site apple.com; Apple Security Advisory 2021-09-20-4 - Xcode 13 addresses multiple issues in nginx.; tags | advisory; systems | apple; advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2017-7529, CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-20372; SHA-256 | e298f65735c01199cc9782cb84a35d40ade27a44f1619154f005170a70f23d97; Download | Favorite | View

Red Hat Security Advisory 2021-0778-01: Posted Mar 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.; tags | advisory, web, vulnerability, code execution, xss; systems | linux, redhat; advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971; SHA-256 | b36485939bcc96f4f05a1b61fcc6c6e3aefa7b635d0f1eb06d546cdccf61da2a; Download | Favorite | View

Red Hat Security Advisory 2021-0779-01: Posted Mar 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.; tags | advisory, web, vulnerability; systems | linux, redhat; advisories | CVE-2019-20372, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253; SHA-256 | ffea5b924d380661bcc8195b96557d4036aa09a293d42a21776c1077e68571d1; Download | Favorite | View

Red Hat Security Advisory 2020-5495-01: Posted Dec 16, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-5495-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.; tags | advisory, web, protocol; systems | linux, redhat; advisories | CVE-2019-20372; SHA-256 | 662ff82ffc286989c26d768c1895ecb6e49567a23a05aa27edfa7ace5d971eed; Download | Favorite | View

Red Hat Security Advisory 2020-2817-01: Posted Jul 2, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2817-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.; tags | advisory, web, protocol; systems | linux, redhat; advisories | CVE-2019-20372; SHA-256 | 8532ff6109d76302c144b3361db60c0aa50758a60d06b2d79ebf30dee7c39f74; Download | Favorite | View

Ubuntu Security Notice USN-4235-2: Posted Jan 15, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2019-20372; SHA-256 | f27f4f464dca0131a740388b68a10b2b2016cf4c60d9b6cb1e1399592aeffdcd; Download | Favorite | View

Ubuntu Security Notice USN-4235-1: Posted Jan 13, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2019-20372; SHA-256 | 044027ea326db3fb6aae4672a92bf7f3e07587ae3b37e7ae041b1440fcb590e1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 234 files
indoushka 93 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,099)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,756)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,521)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,747)
UNIX (9,436)
UnixWare (187)
Windows (6,674)
Other

CVE-2019-20372

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems