Welcome! Log In Create A New Profile

Advanced

CVE-2019-20372

Frank Liu
October 05, 2020 06:26PM
Hi,

CVE-2019-20372 mentioned a security vulnerability, but I don't see it in
http://nginx.org/en/security_advisories.html
CVE-2019-20372 did say a fix in nginx 1.17.7. When I check the CHANGES
http://nginx.org/en/CHANGES-1.18, I see bugfix:

*) Bugfix: requests with bodies were handled incorrectly when returning
redirections with the "error_page" directive; the bug had appeared in
0.7.12.

Are those the same thing from this commit
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e?
Is this really a vulnerability? under what conditions?

Thanks!
Frank
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

CVE-2019-20372

Frank Liu October 05, 2020 06:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 83
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready