Vulnerability CVE-2017-7529


Published: 2017-07-13

Description:
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module. A specially crafted request can trigger it, resulting in a leak of potentially sensitive information.

Type:
CWE-190 (Integer Overflow or Wraparound)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None
Affected software: Nginx -> Nginx

References:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
http://www.securityfocus.com/bid/99534
http://www.securitytracker.com/id/1039238
https://access.redhat.com/errata/RHSA-2017:2538
https://puppet.com/security/cve/cve-2017-7529

Copyright 2024, cxsecurity.com

 
