CVE-2020-11724

Related Files

Ubuntu Security Notice USN-5371-3

Posted Oct 10, 2022

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5371-3 - USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains.

tags | advisory, remote, web, vulnerability, protocol

systems | linux, ubuntu

advisories | CVE-2020-11724, CVE-2020-36309, CVE-2021-3618

SHA-256 | 172bbfa6d06525617f861427837c834d50db4e0869fba08cb19ab97e37f938d0

Download | Favorite | View

Ubuntu Security Notice USN-5371-2

Posted Apr 28, 2022

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5371-2 - USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, web, vulnerability

systems | linux, ubuntu

advisories | CVE-2020-11724, CVE-2020-36309, CVE-2021-3618

SHA-256 | 0312d8395edc75623bc232eb22c356f06f0f1ab5ad2bd86ce88f5fc4a29fe7c0

Download | Favorite | View

Ubuntu Security Notice USN-5371-1

Posted Apr 13, 2022

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5371-1 - It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, web

systems | linux, ubuntu

advisories | CVE-2020-11724, CVE-2020-36309, CVE-2021-3618

SHA-256 | 520503052384dbfca1799e58e512e8af33349b154fa6e72f5d874d504e1ff1b2

Download | Favorite | View

Debian Security Advisory 4750-1

Posted Aug 28, 2020

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4750-1 - It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability.

tags | advisory, web

systems | linux, debian

advisories | CVE-2020-11724

SHA-256 | 069a0750508098f2ee6bfc51176f8bbdb3174e2266c7e9b5ec99e5b2a52e854f

Download | Favorite | View