Description
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Exploits (3)
References (11)
Scores
CVSS v3
5.3
EPSS
0.7083
EPSS Percentile
98.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lab Environment
Details
CWE
CWE-444
Status
published
Products (5)
apple/xcode
< 13.0
canonical/ubuntu_linux
14.04
f5/nginx
< 1.17.7
netapp/cloud_backup
opensuse/leap
15.1
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026