Wind River Support Network

HomeDefectsLIN8-11979
Fixed

LIN8-11979 : Security Advisory - nginx - CVE-2019-20372

Created: Jan 12, 2020    Updated: Jan 21, 2020
Resolved Date: Jan 21, 2020
Found In Version: 8.0.0.1
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CREATE(Triage):(User=admin) [CVE-2019-20372|https://nvd.nist.gov/vuln/detail/CVE-2019-20372]

CVEs


Live chat
Online