CVE-2020-11724

Published: 12/04/2020 Updated: 29/01/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in OpenResty prior to 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.

Vulnerable Product

openresty openresty

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #964950 nginx: CVE-2020-11724. Package: nginx; Maintainer for nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>; Source for nginx is src:nginx. Reported by: Sylvain Beucler <beuc@beuc.net>. Date: Mon, 13 Jul 2020 09:15:02 UTC. Severity: grave ...
It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to an HTTP request smuggling vulnerability. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u3. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer t ...
nginx could be made to redirect network traffic ...
A security issue was fixed in nginx’s lua module ...
Several security issues were fixed in nginx ...