NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Brocade SANnav versions before SANnav 2.1.1
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
A security update has been provided in Brocade SANnav 2.1.1 and higher releases.
This issue was discovered through security testing.
Version | Change | Date
1.0 | Initial Publication | May 10, 2021