Home

CVE-2019-20372

Description

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
69.737

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2019-20372 are affected in Nginx 1.17.6Windows
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.14.0-0ubuntu1.7_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.14.0-0ubuntu1.7_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.15.9-0ubuntu1.2_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.15.9-0ubuntu1.2_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.16.1-0ubuntu2.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.16.1-0ubuntu2.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.10.3-0ubuntu0.16.04.5_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-core_1.10.3-0ubuntu0.16.04.5_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.14.0-0ubuntu1.7_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.14.0-0ubuntu1.7_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.15.9-0ubuntu1.2_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.15.9-0ubuntu1.2_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.16.1-0ubuntu2.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.16.1-0ubuntu2.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.10.3-0ubuntu0.16.04.5_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-full_1.10.3-0ubuntu0.16.04.5_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.14.0-0ubuntu1.7_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.14.0-0ubuntu1.7_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.15.9-0ubuntu1.2_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.15.9-0ubuntu1.2_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.16.1-0ubuntu2.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.16.1-0ubuntu2.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.10.3-0ubuntu0.16.04.5_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-light_1.10.3-0ubuntu0.16.04.5_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-common_1.14.0-0ubuntu1.7_all.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-common_1.15.9-0ubuntu1.2_all.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-common_1.16.1-0ubuntu2.1_all.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-common_1.10.3-0ubuntu0.16.04.5_all.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.14.0-0ubuntu1.7_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.14.0-0ubuntu1.7_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.15.9-0ubuntu1.2_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.15.9-0ubuntu1.2_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.16.1-0ubuntu2.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.16.1-0ubuntu2.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.10.3-0ubuntu0.16.04.5_i386.debLinux
small, powerful, scalable web/proxy server (USN-4235-1) nginx-extras_1.10.3-0ubuntu0.16.04.5_amd64.debLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-all-modules-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-debugsource-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-filesystem-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.noarch.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-mod-http-image-filter-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-mod-http-perl-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-mod-http-xslt-filter-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-mod-mail-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
(RHSA-2020:5495) nginx:1.16 security update nginx-mod-stream-1.16.1-1.module+el8.3.0+8844+e5e7039f.1.x86_64.rpmLinux
Vulnerability CVE-2019-20372 are affected in Nginx 1.17.6 (For Linux)Linux
Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability (CVE-2019-20372)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234