Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
Link | Resource |
---|---|
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | Vendor Advisory |
http://seclists.org/fulldisclosure/2021/Sep/36 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/99534 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039238 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:2538 | Third Party Advisory |
https://puppet.com/security/cve/cve-2017-7529 | Third Party Advisory |
https://support.apple.com/kb/HT212818 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
24 Jan 2022, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE |
16 Dec 2021, 18:48
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/36 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT212818 - Third Party Advisory | |
CPE | cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:* |
10 Nov 2021, 16:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* |
22 Sep 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2017-07-13 13:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-7529
Mitre link : CVE-2017-7529
CVE.ORG link : CVE-2017-7529
JSON object : View
Products Affected
f5
- nginx
apple
- xcode
puppet
- puppet_enterprise
CWE
CWE-190
Integer Overflow or Wraparound