Vulnerability Details : CVE-2019-20372
Potential exploit
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Products affected by CVE-2019-20372
- cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-20372
0.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-20372
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2019-20372
-
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-20372
-
https://duo.com/docs/dng-notes#version-1.5.4-january-2020
Duo Network Gateway | Duo SecurityRelease Notes;Third Party Advisory
-
https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
Exploit;Mitigation;Third Party Advisory
-
http://seclists.org/fulldisclosure/2021/Sep/36
Full Disclosure: APPLE-SA-2021-09-20-4 Xcode 13Mailing List;Third Party Advisory
-
https://usn.ubuntu.com/4235-2/
USN-4235-2: nginx vulnerability | Ubuntu security noticesThird Party Advisory
-
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
Discard request body when redirecting to a URL via error_page. · nginx/nginx@c1be55f · GitHubPatch;Vendor Advisory
-
https://support.apple.com/kb/HT212818
About the security content of Xcode 13 - Apple SupportThird Party Advisory
-
https://usn.ubuntu.com/4235-1/
USN-4235-1: nginx vulnerability | Ubuntu security noticesThird Party Advisory
-
https://github.com/kubernetes/ingress-nginx/pull/4859
Use a named location for authSignURL by aledbf · Pull Request #4859 · kubernetes/ingress-nginx · GitHubPatch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200127-0003/
CVE-2019-20372 NGINX vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html
[security-announce] openSUSE-SU-2020:0204-1: moderate: Security update fMailing List;Third Party Advisory
-
http://nginx.org/en/CHANGES
Mitigation;Release Notes;Vendor Advisory
Jump to