CVE-2019-20372

MEDIUM LAB

NGINX < 1.17.7 - HTTP Request Smuggling via error_page Configuration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-20372. PoCs published by 0xleft, moften, vuongnv3389-sec.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2019-20372, an HTTP request smuggling vulnerability in nginx. The exploit leverages the error_page directive to smuggle a second request, potentially bypassing access controls.

Description

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Exploits (3)

nomisec WORKING POC 5 stars
by 0xleft · poc
https://github.com/0xleft/CVE-2019-20372

This repository contains a functional exploit for CVE-2019-20372, an HTTP request smuggling vulnerability in nginx. The exploit leverages the error_page directive to smuggle a second request, potentially bypassing access controls.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: nginx 1.17.6
No auth needed
Prerequisites: Vulnerable nginx server with specific error_page configuration
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by moften · poc
https://github.com/moften/CVE-2019-20372

This repository contains a functional Python exploit for CVE-2019-20372, targeting Nginx versions before 1.17.7. The exploit attempts to upload a malicious PHP file via HTTP PUT request, leveraging misconfigured error_page directives to achieve unauthenticated file upload and potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Nginx before 1.17.7
No auth needed
Prerequisites: Nginx with vulnerable error_page configuration · HTTP PUT method enabled · Access to upload directory
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by vuongnv3389-sec · poc
https://github.com/vuongnv3389-sec/CVE-2019-20372

This repository contains a functional proof-of-concept for CVE-2019-20372, an HTTP request smuggling vulnerability in Nginx. The exploit leverages a malformed HTTP request with conflicting Content-Length headers to smuggle a secondary request, potentially accessing hidden endpoints.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Nginx 1.17.6
No auth needed
Prerequisites: Docker environment to run Nginx 1.17.6 · Network access to the target server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (11)

Core 11
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
Mitigation, Release Notes, Vendor Advisory x_refsource_misc
http://nginx.org/en/CHANGES
Release Notes, Third Party Advisory x_refsource_misc
https://duo.com/docs/dng-notes#version-1.5.4-january-2020
Patch, Third Party Advisory x_refsource_misc
https://github.com/kubernetes/ingress-nginx/pull/4859
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4235-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4235-2/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200127-0003/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212818
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/36

Scores

CVSS v3 5.3
EPSS 0.1496
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull nginx:1.17.6
+1 more repos

Details

CWE
CWE-444
Status published
Products (5)
apple/xcode < 13.0
canonical/ubuntu_linux 14.04
f5/nginx < 1.17.7
netapp/cloud_backup
opensuse/leap 15.1
Published Jan 09, 2020
Tracked Since Feb 18, 2026