Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 723104 (CVE-2020-12440)

Summary: www-servers/nginx: HTTP smuggling vulnerability (CVE-2020-12440)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: whissi
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gist.github.com/Glassware123/1023720bf4787375a04f32a0c12e956a
Whiteboard: B4 [upstream cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-14 21:58:18 UTC 
Description:
"NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-22 02:58:57 UTC 
Now rejected (as expected), closing.