Site icon API Security Blog

Ubuntu 16.04 ESM : nginx vulnerability (USN-5371-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5371-3 advisory.

– An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. (CVE-2020-11724)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Exit mobile version