Lucene search
Veracode Vulnerability DatabaseVERACODE:28449HistoryDec 06, 2020 - 4:39 a.m.
HTTP Request Smuggling
2020-12-0604:39:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
32
http request smuggling
nginx
remote attacker
api exploitation
vulnerability
EPSS
0.004
Percentile
74.2%
nginx is vulnerable to HTTP request smuggling. A remote attacker is able to smuggle HTTP requests via the ngx.location.capture API.
References
github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa
github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch
lists.debian.org/debian-lts-announce/2020/07/msg00014.html
security-tracker.debian.org/tracker/CVE-2020-11724
security.netapp.com/advisory/ntap-20210129-0002/
www.debian.org/security/2020/dsa-4750
Related
debian
debian
[SECURITY] [DSA 4750-1] nginx security update
2020-08-26 16:58:14
[SECURITY] [DLA 2283-1] nginx security update
2020-07-20 13:17:38
[SECURITY] [DSA 4750-1] nginx security update
2020-08-26 16:58:14
nessus
nessus
Debian DLA-2283-1 : nginx security update
2020-07-21 00:00:00
Debian DSA-4750-1 : nginx - security update
2020-08-27 00:00:00
Ubuntu 16.04 ESM : nginx vulnerability (USN-5371-3)
2022-10-08 00:00:00
nvd
nvd
CVE-2020-11724
2020-04-12 21:15:10
osv
osv
CVE-2020-11724
2020-04-12 21:15:10
nginx - security update
2020-07-20 00:00:00
nginx - security update
2020-08-26 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2283-1)
2020-07-21 00:00:00
Debian: Security Advisory (DSA-4750-1)
2020-08-27 00:00:00
Ubuntu: Security Advisory (USN-5371-3)
2022-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2020-11724
2020-04-12 00:00:00
cvelist
cvelist
CVE-2020-11724
2020-04-12 20:55:26
prion
prion
Design/Logic Flaw
2020-04-12 21:15:00
debiancve
debiancve
CVE-2020-11724
2020-04-12 21:15:10
cve
cve
CVE-2020-11724
2020-04-12 21:15:10
ubuntu
ubuntu
nginx vulnerabilities
2022-04-12 00:00:00
nginx vulnerability
2022-04-28 00:00:00
nginx vulnerability
2022-10-07 00:00:00