Your submission was sent successfully! Close

USN-4235-1: nginx vulnerability

13 January 2020

nginx could be made to expose sensitive information over the network.



  • nginx - small, powerful, scalable web/proxy server


Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly
handled certain error_page configurations. A remote attacker could possibly
use this issue to perform HTTP request smuggling attacks and access
resources contrary to expectations.


Related notices

  • USN-4235-2: nginx-common, nginx-doc, nginx-extras, nginx-naxsi, nginx-core, nginx-naxsi-ui, nginx-full, nginx, nginx-light