Details of VAR-202004-0234

ID

VAR-202004-0234

CVE

CVE-2020-11724

TITLE

OpenResty In HTTP Request Smagling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-003935

DESCRIPTION

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. OpenResty is a web application server based on Nginx and Lua from China Ou Rui Software Development (OpenResty). The ngx_http_lua_subrequest.c file in versions prior to OpenResty 1.15.8.4 has an environmental problem vulnerability. The vulnerability stems from the unreasonable environmental factors of the network system or product. There is currently no detailed vulnerability details provided. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4750-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2020-11724 Debian Bug : 964950 It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u3. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9GlAhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q+QBAAlo31j8w4zpQNYaxVm7K/lH4TukFPbE79ZSBnuWvtiC59a7AwWbfqCWd5 kkMTicjMYsExEp+jgnFex5W0LEQ/weRE8DHnAaDIEs4V1eJHzj5NxPUB0ZpFJshJ oLB8lMX5vJDTSynMmBzzY65UTZl8/5CVDxbku8yS1zVXtl3RHxCoHpmzxWrpfkhU cl9fdNVF2Vn1GENen5PNz9AhOXLp/Px6Y/iSAYjwLPQJPTEHbYtdBnu/p113QUz9 OlvW1A7hVYtpg6JfX2/dQMzhBHetyOwqnLSnWMPPe/MOd0hA9m3//DHmR5mIb263 YsdOL27u3IVf6leSZ4T8KhK1IChHZF1/Kw6VCaIKr4LtWtPJYDM+QE7pXA7s9UIM eulmVn4q2ppjSCgV9MqlQpEYs7xvkAgaEAakE93FwARliAhtvmo5JXtz29NamGfp FjfC8wMNGinVL4Xt8Za3na4QFDuBFD936qOL38vyPS6MrOc0H6RoI2aDHDr0YJi/ YlrhIyAQ8anAVqFaueGrfz9AWcLDCWKWa6A7ShIZLRIUlPyUwZ4M0jnQNEw4epva Y8LqLuDvrG2Zl9saVD0YmkAVh2A2o3xVuiQa1O4wTYQPvAW2WT87yjXsamjGila8 whAgsNA6L2BC2Y9jHCCeYV57e/dibmDrC2QFprEeqDNKZD2a8UE= =QmrI -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5371-2 April 28, 2022 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: nginx could be made to redirect network traffic. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. (CVE-2021-3618) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: nginx-core 1.18.0-6ubuntu14.1 nginx-extras 1.18.0-6ubuntu14.1 nginx-light 1.18.0-6ubuntu14.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5371-2 https://ubuntu.com/security/notices/USN-5371-1 CVE-2021-3618 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1

Trust: 2.61

sources: NVD: CVE-2020-11724 // JVNDB: JVNDB-2020-003935 // CNVD: CNVD-2020-22977 // VULMON: CVE-2020-11724 // PACKETSTORM: 166709 // PACKETSTORM: 168900 // PACKETSTORM: 168672 // PACKETSTORM: 166888

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-22977

AFFECTED PRODUCTS

vendor:	openresty	model:	openresty	scope:	lt	version:	1.15.8.4	Trust: 1.6
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	openresty	model:	openresty	scope:	eq	version:	1.15.8.4	Trust: 0.8

sources: CNVD: CNVD-2020-22977 // JVNDB: JVNDB-2020-003935 // NVD: CVE-2020-11724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11724
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-003935
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-22977
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202004-615
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-11724
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11724
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-003935
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-22977
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-11724
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003935
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-22977 // VULMON: CVE-2020-11724 // JVNDB: JVNDB-2020-003935 // CNNVD: CNNVD-202004-615 // NVD: CVE-2020-11724

PROBLEMTYPE DATA

problemtype:

CWE-444

Trust: 1.8

sources: JVNDB: JVNDB-2020-003935 // NVD: CVE-2020-11724

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168672 // CNNVD: CNNVD-202004-615

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-615

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003935

PATCH

title:	bugfix: prevented request smuggling in the ngx.location.capture API.	url:	https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch	Trust: 0.8
title:	Debian CVElist Bug Report Logs: nginx: CVE-2020-11724	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0874e0870430fc2dae43fb8d79f4f403	Trust: 0.1
title:	Debian Security Advisories: DSA-4750-1 nginx -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=bb488a3de40db1667c791b994279fc7b	Trust: 0.1
title:	Ubuntu Security Notice: USN-5371-1: nginx vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-1	Trust: 0.1
title:	HTTP-REQUEST-SMUGGLING	url:	https://github.com/403accessdenied/HTTP-REQUEST-SMUGGLING	Trust: 0.1

sources: VULMON: CVE-2020-11724 // JVNDB: JVNDB-2020-003935

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11724	Trust: 3.5
db:	JVNDB	id:	JVNDB-2020-003935	Trust: 0.8
db:	PACKETSTORM	id:	166709	Trust: 0.7
db:	PACKETSTORM	id:	168672	Trust: 0.7
db:	PACKETSTORM	id:	166888	Trust: 0.7
db:	CNVD	id:	CNVD-2020-22977	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2462	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1628	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2941	Trust: 0.6
db:	CS-HELP	id:	SB2022042817	Trust: 0.6
db:	CS-HELP	id:	SB2022041422	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-615	Trust: 0.6
db:	VULMON	id:	CVE-2020-11724	Trust: 0.1
db:	PACKETSTORM	id:	168900	Trust: 0.1

sources: CNVD: CNVD-2020-22977 // VULMON: CVE-2020-11724 // JVNDB: JVNDB-2020-003935 // PACKETSTORM: 166709 // PACKETSTORM: 168900 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // CNNVD: CNNVD-202004-615 // NVD: CVE-2020-11724

REFERENCES

url:	https://www.debian.org/security/2020/dsa-4750	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11724	Trust: 1.8
url:	https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210129-0002/	Trust: 1.7
url:	https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11724	Trust: 0.8
url:	http_lua-0.10.15-fix_location_capture_content_length_chunked.patch	Trust: 0.6
url:	https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_	Trust: 0.6
url:	https://packetstormsecurity.com/files/168672/ubuntu-security-notice-usn-5371-3.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2941/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042817	Trust: 0.6
url:	https://packetstormsecurity.com/files/166709/ubuntu-security-notice-usn-5371-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2462/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1628	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041422	Trust: 0.6
url:	https://vigilance.fr/vulnerability/ngx-lua-plugin-information-disclosure-via-ngx-location-capture-32886	Trust: 0.6
url:	https://packetstormsecurity.com/files/166888/ubuntu-security-notice-usn-5371-2.html	Trust: 0.6
url:	https://ubuntu.com/security/notices/usn-5371-1	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3618	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36309	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/444.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu11.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nginx	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5371-3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5371-2	Trust: 0.1

sources: VULMON: CVE-2020-11724 // JVNDB: JVNDB-2020-003935 // PACKETSTORM: 166709 // PACKETSTORM: 168900 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // CNNVD: CNNVD-202004-615 // NVD: CVE-2020-11724

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888

SOURCES

db:	CNVD	id:	CNVD-2020-22977
db:	VULMON	id:	CVE-2020-11724
db:	JVNDB	id:	JVNDB-2020-003935
db:	PACKETSTORM	id:	166709
db:	PACKETSTORM	id:	168900
db:	PACKETSTORM	id:	168672
db:	PACKETSTORM	id:	166888
db:	CNNVD	id:	CNNVD-202004-615
db:	NVD	id:	CVE-2020-11724

LAST UPDATE DATE

2024-11-23T20:02:19.807000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-22977	date:	2020-04-15T00:00:00
db:	VULMON	id:	CVE-2020-11724	date:	2021-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-003935	date:	2020-04-30T00:00:00
db:	CNNVD	id:	CNNVD-202004-615	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2020-11724	date:	2024-11-21T04:58:29.307

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-22977	date:	2020-04-15T00:00:00
db:	VULMON	id:	CVE-2020-11724	date:	2020-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-003935	date:	2020-04-30T00:00:00
db:	PACKETSTORM	id:	166709	date:	2022-04-13T15:03:13
db:	PACKETSTORM	id:	168900	date:	2020-08-28T19:12:00
db:	PACKETSTORM	id:	168672	date:	2022-10-10T16:13:35
db:	PACKETSTORM	id:	166888	date:	2022-04-28T15:18:16
db:	CNNVD	id:	CNNVD-202004-615	date:	2020-04-12T00:00:00
db:	NVD	id:	CVE-2020-11724	date:	2020-04-12T21:15:10.317