USN-4235-1: nginx vulnerability

13 January 2020

nginx could be made to expose sensitive information over the network.

Releases

Packages

  • nginx - small, powerful, scalable web/proxy server

Details

Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly
handled certain error_page configurations. A remote attacker could possibly
use this issue to perform HTTP request smuggling attacks and access
resources contrary to expectations.

References

Related notices

  • USN-4235-2: nginx-light, nginx-core, nginx-full, nginx, nginx-common, nginx-extras