Description
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Remediation
References
Related Vulnerabilities
PleskWin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-24044)
Riot.js Resource Management Errors Vulnerability (CVE-2016-10527)
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-20407)
MySQL CVE-2012-3144 Vulnerability (CVE-2012-3144)
WordPress Plugin W3 Total Cache Server-Side Request Forgery (0.9.7.3)