vulnerability
CentOS Linux: CVE-2019-20372: Moderate: nginx:1.16 security update (CESA-2020:5495)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 01/09/2020 | 12/21/2020 | 05/25/2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
01/09/2020
Added
12/21/2020
Modified
05/25/2023
Description
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Solution(s)
centos-upgrade-nginxcentos-upgrade-nginx-all-modulescentos-upgrade-nginx-debuginfocentos-upgrade-nginx-debugsourcecentos-upgrade-nginx-filesystemcentos-upgrade-nginx-mod-http-image-filtercentos-upgrade-nginx-mod-http-image-filter-debuginfocentos-upgrade-nginx-mod-http-perlcentos-upgrade-nginx-mod-http-perl-debuginfocentos-upgrade-nginx-mod-http-xslt-filtercentos-upgrade-nginx-mod-http-xslt-filter-debuginfocentos-upgrade-nginx-mod-mailcentos-upgrade-nginx-mod-mail-debuginfocentos-upgrade-nginx-mod-streamcentos-upgrade-nginx-mod-stream-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.