Main Vulnerability Database Exploits ID:11364 - Exploit for Inconsistent interpretation of HTTP requests in nginx - CVE-2019-20372

ID:11364 - Exploit for Inconsistent interpretation of HTTP requests in nginx - CVE-2019-20372

Published: May 9, 2025

Vulnerability identifier: #VU24230

Vulnerability risk: Medium

CVE-ID: CVE-2019-20372

CWE-ID: CWE-444

Exploitation vector: Remote access

Vulnerable software:
nginx

Link to public exploit:

https://github.com/moften/CVE-2019-20372

Vulnerability description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists with certain error_page configurations. A remote attacker can read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Remediation

Install updates from vendor's website.

ID:11364 - Exploit for Inconsistent interpretation of HTTP requests in nginx - CVE-2019-20372

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human