2 matches found
AZL-31333 CVE-2023-44487 affecting package nginx for versions less than 1.22.1-11
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
nginx: HTTP request smuggling in configurations with URL redirect used as error_page
NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...