Test Kennung:	1.3.6.1.4.1.25623.1.0.143351
Kategorie:	Web Servers
Titel:	nginx 0.7.12 < 1.17.7 HTTP Request Smuggling Vulnerability
Zusammenfassung:	nginx, with certain error_page configurations, allows HTTP request smuggling,; as demonstrated by the ability of an attacker to read unauthorized web pages in environments where nginx is; being fronted by a load balancer.
Beschreibung:	Summary: nginx, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where nginx is being fronted by a load balancer. Affected Software/OS: nginx versions 0.7.12 - 1.17.6. Solution: Update to version 1.17.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20372 http://seclists.org/fulldisclosure/2021/Sep/36 http://nginx.org/en/CHANGES https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf https://duo.com/docs/dng-notes#version-1.5.4-january-2020 https://github.com/kubernetes/ingress-nginx/pull/4859 SuSE Security Announcement: openSUSE-SU-2020:0204 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html https://usn.ubuntu.com/4235-1/ https://usn.ubuntu.com/4235-2/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.