HTTP Request Smuggling Vulnerability in OpenResty by OpenResty
CVE-2020-11724

7.5HIGH

Key Information:

Vendor

Openresty

Status
Vendor
CVE Published:
12 April 2020

What is CVE-2020-11724?

A vulnerability has been identified in OpenResty prior to version 1.15.8.4, specifically within the ngx_http_lua_subrequest.c component. This flaw allows for HTTP request smuggling, providing potential exploitation avenues through the ngx.location.capture API. By manipulating HTTP headers, an attacker could potentially send malformed requests that mislead the server's handling of subsequent requests, posing risks to application integrity and security.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.