Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-7529

Опубликовано: 11 июл. 2017
Источник: redhat
CVSS3: 5.3
EPSS Критический

Описание

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Software Collectionsrh-nginx112-nginxNot affected
Red Hat Software Collectionsrh-nginx18-nginxWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-nginx110-nginxFixedRHSA-2017:253828.08.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-nginx110-nginxFixedRHSA-2017:253828.08.2017
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-nginx110-nginxFixedRHSA-2017:253828.08.2017
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUSrh-nginx110-nginxFixedRHSA-2017:253828.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1468584nginx: Integer overflow in nginx range filter module leading to memory disclosure

EPSS

Процентиль: 100%
0.91909
Критический

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-7529

CVSS3: 7.5
ubuntu
почти 8 лет назад

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

nvd логотип

CVE-2017-7529

CVSS3: 7.5
nvd
почти 8 лет назад

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

debian логотип

CVE-2017-7529

CVSS3: 7.5
debian
почти 8 лет назад

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ...

suse-cvrf логотип

openSUSE-SU-2018:0823-1

suse-cvrf
около 7 лет назад

Security update for nginx

suse-cvrf логотип

openSUSE-SU-2017:2003-1

suse-cvrf
почти 8 лет назад

Security update for nginx

EPSS

Процентиль: 100%
0.91909
Критический

5.3 Medium

CVSS3