HTTP request smuggling vulnerability in IDE Xcode Server in Apple Xcode - CVE-2019-20372ID: oval:org.secpod.oval:def:75135 | Date: (C)2021-09-23 (M)2023-12-20 |
Class: VULNERABILITY | Family: macos |
The host is installed with Xcode before 13 on Apple Mac OS 11.3 or later and is prone to an HTTP request smuggling vulnerability. A flaw is present in the application, which fails to properly handle issue in nginx. Successful exploitation allows an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.