CVE-2019-20372
nginx: HTTP request smuggling in configurations with URL redirect used as error_page
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer páginas web no autorizadas en entornos donde NGINX está al frente de un equilibrador de carga.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-09 CVE Reserved
- 2020-01-09 CVE Published
- 2022-04-06 First Exploit
- 2024-05-04 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Sep/36 | Mailing List |
|
| https://duo.com/docs/dng-notes#version-1.5.4-january-2020 | Release Notes | |
| https://security.netapp.com/advisory/ntap-20200127-0003 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212818 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/0xleft/CVE-2019-20372 | 2023-09-16 | |
| https://github.com/vuongnv3389-sec/CVE-2019-20372 | 2022-04-06 | |
| https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/kubernetes/ingress-nginx/pull/4859 | 2022-04-06 | |
| https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e | 2022-04-06 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html | 2022-04-06 | |
| http://nginx.org/en/CHANGES | 2022-04-06 | |
| https://usn.ubuntu.com/4235-1 | 2022-04-06 | |
| https://usn.ubuntu.com/4235-2 | 2022-04-06 | |
| https://access.redhat.com/security/cve/CVE-2019-20372 | 2021-03-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1790277 | 2021-03-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F5 Search vendor "F5" | Nginx Search vendor "F5" for product "Nginx" | < 1.17.7 Search vendor "F5" for product "Nginx" and version " < 1.17.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Xcode Search vendor "Apple" for product "Xcode" | < 13.0 Search vendor "Apple" for product "Xcode" and version " < 13.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||