Mageia 7: 2020-0231 Critical: Nginx HTTP Request Smuggling Issue

mageia

May 27, 2020

Nginx was updated due to the following vulnerabilities: ngx_http_special_response.c: With a certain error_page configuration, HTTP request smuggling is possible

Summary

Nginx was updated due to the following vulnerabilities: ngx_http_special_response.c: With a certain error_page configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. (CVE-2019-20372).

References

- https://bugs.mageia.org/show_bug.cgi?id=26086

- https://ubuntu.com/security/notices/USN-4235-1

- https://www.cve.org/CVERecord?id=CVE-2019-20372

Topics Covered

security advisory nginx HTTP request attack vector Mageia web page access

Resolution

SRPMS

- 7/core/nginx-1.16.1-1.2.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 27 May 2020

URL: https://advisories.mageia.org/MGASA-2020-0231.html

Type: security

CVE: CVE-2019-20372

Topics Covered

security advisory nginx HTTP request attack vector Mageia web page access

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks