From: Marc Deslauriers
Date: Jan 14, 2020 1:10AM
Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly
handled certain error_page configurations. A remote attacker could possibly
use this issue to perform HTTP request smuggling attacks and access
resources contrary to expectations.
References:
https://usn.ubuntu.com/4235-1
CVE-2019-20372
沒有留言:
張貼留言