Wind River Support Network

HomeDefectsLIN9-9525
Fixed

LIN9-9525 : Security Advisory - nginx - CVE-2019-20372

Created: Jan 12, 2020    Updated: Jan 21, 2020
Resolved Date: Jan 21, 2020
Found In Version: 9.0.0.1
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CREATE(Triage):(User=admin) [CVE-2019-20372|https://nvd.nist.gov/vuln/detail/CVE-2019-20372]

CVEs


Live chat
Online