CVE-2019-20372

Medium

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker…

mitre·CWE-444·Published 2020-01-09

CVSS

5.3

EPSS

0.15

KEV

Exploits

cve.orgen

233 chars

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

NVDen

233 chars

NVDes

288 chars

NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer páginas web no autorizadas en entornos donde NGINX está al frente de un equilibrador de carga.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N