First published: Thu Jan 09 2020(Updated: )
IDE Xcode Server. Multiple issues were addressed by updating nginx to version 1.21.0.
Credit: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372 cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-nginx116-nginx | <1:1.16.1-4.el7.1 | 1:1.16.1-4.el7.1 |
ubuntu/nginx | <1.14.0-0ubuntu1.7 | 1.14.0-0ubuntu1.7 |
ubuntu/nginx | <1.15.9-0ubuntu1.2 | 1.15.9-0ubuntu1.2 |
ubuntu/nginx | <1.16.1-0ubuntu2.1 | 1.16.1-0ubuntu2.1 |
ubuntu/nginx | <1.4.6-1ubuntu3.9+ | 1.4.6-1ubuntu3.9+ |
ubuntu/nginx | <1.17.7 | 1.17.7 |
ubuntu/nginx | <1.10.3-0ubuntu0.16.04.5 | 1.10.3-0ubuntu0.16.04.5 |
<1.17.7 | ||
<13.0 | ||
=14.04 | ||
=15.1 | ||
F5 Nginx | <1.17.7 | |
Apple Xcode | <13.0 | |
Canonical Ubuntu Linux | =14.04 | |
openSUSE Leap | =15.1 | |
Netapp Cloud Backup | ||
redhat/nginx | <1.17.7 | 1.17.7 |
Apple Xcode | <13 | 13 |
debian/nginx | 1.14.2-2+deb10u4 1.14.2-2+deb10u5 1.18.0-6.1+deb11u3 1.22.1-9 1.24.0-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The severity of CVE-2019-20372 is medium with a severity value of 5.3.
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling.
The affected software for CVE-2019-20372 includes NGINX versions before 1.17.7 and certain versions of Apple Xcode.
The remedy for CVE-2019-20372 is to update NGINX to version 1.17.7 or later.
You can find more information about CVE-2019-20372 on the CVE website, NIST NVD, Red Hat Bugzilla, and Red Hat Security Advisory.