VDB
DEBIAN-CVE-2019-20372
DEBIAN-CVE-2019-20372
PUBLISHED
CVSS 5.300000190734863 MEDIUM
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | nginx | 0, 0, 0 |
| Debian:13 | nginx | 0, 0, 0 |
| Debian:12 | nginx | 0, 0, 0 |
| Debian:11 | nginx | 0, 0, 0 |
Exploit Intelligence
- vuongnv3389-sec/CVE-2019-20372 (github-poc-repo)
- nginx http request smugling error_page directive (github-poc-repo)
- Nginx CVE-2019-20372 PoC, Unauthenticated File Upload Exploit (github-poc-repo)
- Nginx CVE-2019-20372 PoC, Unauthenticated File Upload Exploit (github-poc)
- nginx http request smugling error_page directive (github-poc)
- vuongnv3389-sec/CVE-2019-20372 (github-poc)
- cve_db.json (github-poc)
Timeline
- Jan 9, 2020 CVE Published
- Apr 28, 2026 CVE Updated