First published: Tue Apr 12 2022
It was discovered that the nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724)

It was discovered that the nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309)

It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. (CVE-2021-3618)
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/nginx-light | 21.10 | <1.18.0-6ubuntu11.1 | 1.18.0-6ubuntu11.1 |
ubuntu/nginx-extras | 21.10 | <1.18.0-6ubuntu11.1 | 1.18.0-6ubuntu11.1 |
ubuntu/nginx-core | 21.10 | <1.18.0-6ubuntu11.1 | 1.18.0-6ubuntu11.1 |
ubuntu/nginx-light | 20.04 | <1.18.0-0ubuntu1.3 | 1.18.0-0ubuntu1.3 |
ubuntu/nginx-extras | 20.04 | <1.18.0-0ubuntu1.3 | 1.18.0-0ubuntu1.3 |
ubuntu/libnginx-mod-http-lua | 20.04 | <1.18.0-0ubuntu1.3 | 1.18.0-0ubuntu1.3 |
ubuntu/nginx-core | 20.04 | <1.18.0-0ubuntu1.3 | 1.18.0-0ubuntu1.3 |
ubuntu/nginx-full | 20.04 | <1.18.0-0ubuntu1.3 | 1.18.0-0ubuntu1.3 |
ubuntu/nginx-light | 18.04 | <1.14.0-0ubuntu1.10 | 1.14.0-0ubuntu1.10 |
ubuntu/nginx-extras | 18.04 | <1.14.0-0ubuntu1.10 | 1.14.0-0ubuntu1.10 |
ubuntu/libnginx-mod-http-lua | 18.04 | <1.14.0-0ubuntu1.10 | 1.14.0-0ubuntu1.10 |
ubuntu/nginx-core | 18.04 | <1.14.0-0ubuntu1.10 | 1.14.0-0ubuntu1.10 |
ubuntu/nginx-full | 18.04 | <1.14.0-0ubuntu1.10 | 1.14.0-0ubuntu1.10 |
ubuntu/nginx-extras | 16.04 | <1.10.3-0ubuntu0.16.04.5+esm3 | 1.10.3-0ubuntu0.16.04.5+esm3 |
ubuntu/nginx-core | 16.04 | <1.10.3-0ubuntu0.16.04.5+esm3 | 1.10.3-0ubuntu0.16.04.5+esm3 |
ubuntu/nginx-light | 16.04 | <1.10.3-0ubuntu0.16.04.5+esm3 | 1.10.3-0ubuntu0.16.04.5+esm3 |
The vulnerability ID for these nginx vulnerabilities is CVE-2020-11724.
An HTTP Request Smuggling attack is one in which an attacker crafts an HTTP request that a front-end proxy and a back-end server parse differently, allowing the attacker to bypass security measures and perform unauthorized actions.
These vulnerabilities affect Ubuntu versions 16.04, 18.04, 20.04, and 21.10.
To fix these vulnerabilities, update the affected nginx packages to the versions specified in the Ubuntu security advisory.
You can find more information about these vulnerabilities in the Ubuntu security advisories linked in the references section.
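One way to check a host against the fixed versions in the table above. This is an added example, not part of the original advisory; the function names are hypothetical, and it assumes `dpkg`, `dpkg-query` and `/etc/os-release` are present, as on a stock Ubuntu system.

```shell
#!/bin/sh
# Added example: compare installed nginx packages with the advisory's fixed versions.
# Function names are illustrative and do not come from the advisory.

# Fixed version per Ubuntu release, copied from the advisory table.
fixed_version_for() {
    case "$1" in
        21.10) echo "1.18.0-6ubuntu11.1" ;;
        20.04) echo "1.18.0-0ubuntu1.3" ;;
        18.04) echo "1.14.0-0ubuntu1.10" ;;
        16.04) echo "1.10.3-0ubuntu0.16.04.5+esm3" ;;
        *)     return 1 ;;
    esac
}

# Packages the table lists for each release.
packages_for() {
    case "$1" in
        20.04|18.04) echo "nginx-core nginx-full nginx-light nginx-extras libnginx-mod-http-lua" ;;
        21.10|16.04) echo "nginx-core nginx-light nginx-extras" ;;
    esac
}

# True when $1 (installed) sorts before $2 (fixed) under Debian version rules.
# dpkg does the comparison because plain string order would rank
# 1.14.0-0ubuntu1.9 above 1.14.0-0ubuntu1.10.
needs_update() {
    dpkg --compare-versions "$1" lt "$2"
}

check_host() {
    release=$( [ -r /etc/os-release ] && . /etc/os-release && printf '%s' "$VERSION_ID" ) || release=""
    fixed=$(fixed_version_for "$release") || {
        echo "release '${release:-unknown}' is not in the advisory table"; return 0; }
    for pkg in $(packages_for "$release"); do
        # Empty when the package is not installed.
        installed=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || installed=""
        [ -n "$installed" ] || continue
        if needs_update "$installed" "$fixed"; then
            echo "VULNERABLE $pkg $installed (fixed in $fixed)"
        else
            echo "ok         $pkg $installed"
        fi
    done
}

check_host
```

Packages that are not installed are skipped, so empty output on a listed release means none of the affected packages are present.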