ID

VAR-201707-1309


CVE

CVE-2017-7529


TITLE

Nginx range filter module integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006088

DESCRIPTION

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request.

nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application, resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable.

Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of its filter modules.

For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5. For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your nginx packages.

==========================================================================
Ubuntu Security Notice USN-3352-1
July 13, 2017

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04:
  nginx-common 1.10.3-1ubuntu3.1
  nginx-core 1.10.3-1ubuntu3.1
  nginx-extras 1.10.3-1ubuntu3.1
  nginx-full 1.10.3-1ubuntu3.1
  nginx-light 1.10.3-1ubuntu3.1

Ubuntu 16.10:
  nginx-common 1.10.1-0ubuntu1.3
  nginx-core 1.10.1-0ubuntu1.3
  nginx-extras 1.10.1-0ubuntu1.3
  nginx-full 1.10.1-0ubuntu1.3
  nginx-light 1.10.1-0ubuntu1.3

Ubuntu 16.04 LTS:
  nginx-common 1.10.3-0ubuntu0.16.04.2
  nginx-core 1.10.3-0ubuntu0.16.04.2
  nginx-extras 1.10.3-0ubuntu0.16.04.2
  nginx-full 1.10.3-0ubuntu0.16.04.2
  nginx-light 1.10.3-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  nginx-common 1.4.6-1ubuntu3.8
  nginx-core 1.4.6-1ubuntu3.8
  nginx-extras 1.4.6-1ubuntu3.8
  nginx-full 1.4.6-1ubuntu3.8
  nginx-light 1.4.6-1ubuntu3.8

In general, a standard system update will make all the necessary changes.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: rh-nginx110-nginx security update
Advisory ID: RHSA-2017:2538-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538
Issue date: 2017-08-28
CVE Names: CVE-2017-7529
=====================================================================

1. Summary:

An update for rh-nginx110-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.

A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)

Red Hat would like to thank the Nginx project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-nginx110-nginx-1.10.2-8.el6.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-nginx110-nginx-1.10.2-8.el6.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-nginx110-nginx-1.10.2-8.el6.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nginx110-nginx-1.10.2-8.el7.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-nginx110-nginx-1.10.2-8.el7.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nginx110-nginx-1.10.2-8.el7.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7529
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT
Rf+yBkpEe91OHNNto3rboqM=
=rlDh
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-09-20-4 Xcode 13

Xcode 13 addresses the following issues.

IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372

Installation note:

Xcode 13 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 13"

Trust: 2.43

sources: NVD: CVE-2017-7529 // JVNDB: JVNDB-2017-006088 // BID: 99534 // VULHUB: VHN-115732 // VULMON: CVE-2017-7529 // PACKETSTORM: 143348 // PACKETSTORM: 143347 // PACKETSTORM: 143935 // PACKETSTORM: 164240

AFFECTED PRODUCTS

vendor        model       scope  version   Trust
puppet        enterprise  lte    2017.2.3  1.0
f5            nginx       gte    0.5.6     1.0
f5            nginx       lte    1.12.1    1.0
puppet        enterprise  lt     2016.4.7  1.0
f5            nginx       gte    1.13.0    1.0
f5            nginx       lte    1.13.2    1.0
apple         xcode       lt     13.0      1.0
puppet        enterprise  gte    2017.2.1  1.0
puppet        enterprise  gte    2017.1.0  1.0
puppet        enterprise  lte    2017.1.1  1.0
nginx         nginx       eq     1.11.12   0.9
igor sysoev   nginx       -      -         0.8
nginx         nginx       eq     1.11.10   0.6
nginx         nginx       eq     1.13.1    0.6
nginx         nginx       eq     1.11.13   0.6
nginx         nginx       eq     1.11.9    0.6
nginx         nginx       eq     1.13.0    0.6
nginx         nginx       eq     1.11.8    0.6
nginx         nginx       eq     1.13.2    0.6
nginx         nginx       eq     1.11.11   0.6
nginx         nginx       eq     1.11.7    0.6
nginx         nginx       eq     1.12      0.3
nginx         nginx       eq     1.11.1    0.3
nginx         nginx       eq     1.11      0.3
nginx         nginx       eq     1.10.3    0.3
nginx         nginx       eq     1.10.1    0.3
nginx         nginx       eq     1.10      0.3
nginx         nginx       eq     1.9.15    0.3
nginx         nginx       eq     1.9.10    0.3
nginx         nginx       eq     1.9.9     0.3
nginx         nginx       eq     1.9       0.3
nginx         nginx       eq     1.8.1     0.3
nginx         nginx       eq     1.8       0.3
nginx         nginx       eq     1.7.12    0.3
nginx         nginx       eq     1.7       0.3
nginx         nginx       eq     1.6.3     0.3
nginx         nginx       eq     1.5.13    0.3
nginx         nginx       eq     1.4.7     0.3
nginx         nginx       eq     1.3.16    0.3
nginx         nginx       eq     1.3.15    0.3
nginx         nginx       eq     1.3.14    0.3
nginx         nginx       eq     1.3.11    0.3
nginx         nginx       eq     1.2.9     0.3
nginx         nginx       eq     1.1.18    0.3
nginx         nginx       eq     1.1.17    0.3
nginx         nginx       eq     0.9.7     0.3
nginx         nginx       eq     0.9       0.3
nginx         nginx       eq     0.8.55    0.3
nginx         nginx       eq     0.8.36    0.3
nginx         nginx       eq     0.8       0.3
nginx         nginx       eq     0.7.69    0.3
nginx         nginx       eq     0.7       0.3
nginx         nginx       eq     0.6.39    0.3
nginx         nginx       eq     0.6.18    0.3
nginx         nginx       eq     0.6       0.3
nginx         nginx       eq     0.5.6     0.3
nginx         nginx       eq     1.6.1     0.3
nginx         nginx       eq     1.6.0     0.3
nginx         nginx       eq     1.5.9     0.3
nginx         nginx       eq     1.5.8     0.3
nginx         nginx       eq     1.5.7     0.3
nginx         nginx       eq     1.5.6     0.3
nginx         nginx       eq     1.5.5     0.3
nginx         nginx       eq     1.5.4     0.3
nginx         nginx       eq     1.5.3     0.3
nginx         nginx       eq     1.5.2     0.3
nginx         nginx       eq     1.5.12    0.3
nginx         nginx       eq     1.5.11    0.3
nginx         nginx       eq     1.5.10    0.3
nginx         nginx       eq     1.4.2     0.3
nginx         nginx       eq     1.4.1     0.3
nginx         nginx       eq     1.4.0     0.3
nginx         nginx       eq     1.3.9     0.3
nginx         nginx       eq     1.3.8     0.3
nginx         nginx       eq     1.3.7     0.3
nginx         nginx       eq     1.3.6     0.3
nginx         nginx       eq     1.3.5     0.3
nginx         nginx       eq     1.3.4     0.3
nginx         nginx       eq     1.3.3     0.3
nginx         nginx       eq     1.3.2     0.3
nginx         nginx       eq     1.3.13    0.3
nginx         nginx       eq     1.3.12    0.3
nginx         nginx       eq     1.3.10    0.3
nginx         nginx       eq     1.3.1     0.3
nginx         nginx       eq     1.3.0     0.3
nginx         nginx       eq     1.2.0     0.3
nginx         nginx       eq     1.1.9     0.3
nginx         nginx       eq     1.1.8     0.3
nginx         nginx       eq     1.1.7     0.3
nginx         nginx       eq     1.1.6     0.3
nginx         nginx       eq     1.1.5     0.3
nginx         nginx       eq     1.1.4     0.3
nginx         nginx       eq     1.1.3     0.3
nginx         nginx       eq     1.1.2     0.3
nginx         nginx       eq     1.1.19    0.3
nginx         nginx       eq     1.1.16    0.3
nginx         nginx       eq     1.1.15    0.3
nginx         nginx       eq     1.1.14    0.3
nginx         nginx       eq     1.1.13    0.3
nginx         nginx       eq     1.1.12    0.3
nginx         nginx       eq     1.1.11    0.3
nginx         nginx       eq     1.1.10    0.3
nginx         nginx       eq     1.1.1     0.3
nginx         nginx       eq     1.1.0     0.3
nginx         nginx       eq     1.0.9     0.3
nginx         nginx       eq     1.0.8     0.3
nginx         nginx       eq     1.0.7     0.3
nginx         nginx       eq     1.0.6     0.3
nginx         nginx       eq     1.0.5     0.3
nginx         nginx       eq     1.0.4     0.3
nginx         nginx       eq     1.0.3     0.3
nginx         nginx       eq     1.0.2     0.3
nginx         nginx       eq     1.0.15    0.3
nginx         nginx       eq     1.0.14    0.3
nginx         nginx       eq     1.0.13    0.3
nginx         nginx       eq     1.0.12    0.3
nginx         nginx       eq     1.0.10    0.3
nginx         nginx       eq     1.0.1     0.3
nginx         nginx       eq     1.0.0     0.3
nginx         nginx       ne     1.13.3    0.3
nginx         nginx       ne     1.12.1    0.3

sources: BID: 99534 // JVNDB: JVNDB-2017-006088 // CNNVD: CNNVD-201707-563 // NVD: CVE-2017-7529

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-7529
value: HIGH

Trust: 1.0

NVD: CVE-2017-7529
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-563
value: HIGH

Trust: 0.6

VULHUB: VHN-115732
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-7529
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-7529
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-115732
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-7529
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-7529
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-115732 // VULMON: CVE-2017-7529 // JVNDB: JVNDB-2017-006088 // CNNVD: CNNVD-201707-563 // NVD: CVE-2017-7529

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.9

sources: VULHUB: VHN-115732 // JVNDB: JVNDB-2017-006088 // NVD: CVE-2017-7529

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 143347 // PACKETSTORM: 143935 // CNNVD: CNNVD-201707-563

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201707-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006088

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115732

PATCH

title: CVE-2017-7529
url: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Trust: 0.8

title: Fixes for the Nginx range filter module numeric error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=71698

Trust: 0.6

title: Ubuntu Security Notice: nginx vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3352-1

Trust: 0.1

title: Debian Security Advisories: DSA-3908-1 nginx -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=704f48ff7bd09792912d23527ab54543

Trust: 0.1

title: Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filter
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0f173670cb05b0faed5127f8a0445b1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2017-894
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-894

Trust: 0.1

title: Red Hat: CVE-2017-7529
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-7529

Trust: 0.1

title: Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosure
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-12

Trust: 0.1

title: Arch Linux Advisories: [ASA-201707-11] nginx: information disclosure
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-11

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-7529

Trust: 0.1

title: nginxpwner
url: https://github.com/stark0de/nginxpwner

Trust: 0.1

title: cve-2017-7529
url: https://github.com/cved-sources/cve-2017-7529

Trust: 0.1

title: nginx-CVE-2017-7529
url: https://github.com/cyberharsh/nginx-CVE-2017-7529

Trust: 0.1

sources: VULMON: CVE-2017-7529 // JVNDB: JVNDB-2017-006088 // CNNVD: CNNVD-201707-563

EXTERNAL IDS

db: NVD, id: CVE-2017-7529

Trust: 3.3

db: BID, id: 99534

Trust: 2.0

db: SECTRACK, id: 1039238

Trust: 1.7

db: JVNDB, id: JVNDB-2017-006088

Trust: 0.8

db: CNNVD, id: CNNVD-201707-563

Trust: 0.7

db: PACKETSTORM, id: 164240

Trust: 0.7

db: AUSCERT, id: ESB-2021.3157

Trust: 0.6

db: AUSCERT, id: ESB-2020.1701

Trust: 0.6

db: PACKETSTORM, id: 143935

Trust: 0.2

db: PACKETSTORM, id: 143348

Trust: 0.2

db: PACKETSTORM, id: 143347

Trust: 0.2

db: SEEBUG, id: SSVID-96273

Trust: 0.1

db: VULHUB, id: VHN-115732

Trust: 0.1

db: VULMON, id: CVE-2017-7529

Trust: 0.1

sources: VULHUB: VHN-115732 // VULMON: CVE-2017-7529 // BID: 99534 // JVNDB: JVNDB-2017-006088 // PACKETSTORM: 143348 // PACKETSTORM: 143347 // PACKETSTORM: 143935 // PACKETSTORM: 164240 // CNNVD: CNNVD-201707-563 // NVD: CVE-2017-7529

REFERENCES

url: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Trust: 2.0

url: https://access.redhat.com/errata/rhsa-2017:2538

Trust: 1.8

url: http://www.securityfocus.com/bid/99534

Trust: 1.7

url: https://puppet.com/security/cve/cve-2017-7529

Trust: 1.7

url: https://support.apple.com/kb/ht212818

Trust: 1.7

url: http://seclists.org/fulldisclosure/2021/sep/36

Trust: 1.7

url: http://www.securitytracker.com/id/1039238

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-7529

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529

Trust: 0.8

url: https://support.apple.com/en-us/ht212818

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3157

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.1701/

Trust: 0.6

url: https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html

Trust: 0.6

url: http://nginx.org/

Trust: 0.3

url: http://nginx.org/#2017-07-11

Trust: 0.3

url: http://nginx.org/en/security_advisories.html

Trust: 0.3

url: https://www.debian.org/security/

Trust: 0.1

url: https://www.debian.org/security/faq

Trust: 0.1

url: https://www.ubuntu.com/usn/usn-3352-1

Trust: 0.1

url: https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2

Trust: 0.1

url: https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1

Trust: 0.1

url: https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8

Trust: 0.1

url: https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3

Trust: 0.1

url: https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url: https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url: https://bugzilla.redhat.com/

Trust: 0.1

url: https://access.redhat.com/security/team/key/

Trust: 0.1

url: https://access.redhat.com/articles/11258

Trust: 0.1

url: https://access.redhat.com/security/cve/cve-2017-7529

Trust: 0.1

url: https://access.redhat.com/security/team/contact/

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-16843

Trust: 0.1

url: https://support.apple.com/kb/ht201222

Trust: 0.1

url: https://www.apple.com/support/security/pgp/

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-16845

Trust: 0.1

url: https://developer.apple.com/xcode/downloads/

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-16844

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2016-0746

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2016-0747

Trust: 0.1

url: https://support.apple.com/ht212818

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2016-0742

Trust: 0.1

sources: VULHUB: VHN-115732 // BID: 99534 // JVNDB: JVNDB-2017-006088 // PACKETSTORM: 143348 // PACKETSTORM: 143347 // PACKETSTORM: 143935 // PACKETSTORM: 164240 // CNNVD: CNNVD-201707-563 // NVD: CVE-2017-7529

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 99534

SOURCES

db: VULHUB, id: VHN-115732
db: VULMON, id: CVE-2017-7529
db: BID, id: 99534
db: JVNDB, id: JVNDB-2017-006088
db: PACKETSTORM, id: 143348
db: PACKETSTORM, id: 143347
db: PACKETSTORM, id: 143935
db: PACKETSTORM, id: 164240
db: CNNVD, id: CNNVD-201707-563
db: NVD, id: CVE-2017-7529

LAST UPDATE DATE

2024-08-14T13:04:01.201000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115732, date: 2021-11-10T00:00:00
db: VULMON, id: CVE-2017-7529, date: 2022-01-24T00:00:00
db: BID, id: 99534, date: 2017-07-11T00:00:00
db: JVNDB, id: JVNDB-2017-006088, date: 2017-08-17T00:00:00
db: CNNVD, id: CNNVD-201707-563, date: 2023-05-15T00:00:00
db: NVD, id: CVE-2017-7529, date: 2022-01-24T16:46:04.030

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115732, date: 2017-07-13T00:00:00
db: VULMON, id: CVE-2017-7529, date: 2017-07-13T00:00:00
db: BID, id: 99534, date: 2017-07-11T00:00:00
db: JVNDB, id: JVNDB-2017-006088, date: 2017-08-17T00:00:00
db: PACKETSTORM, id: 143348, date: 2017-07-14T02:16:01
db: PACKETSTORM, id: 143347, date: 2017-07-14T02:15:51
db: PACKETSTORM, id: 143935, date: 2017-08-28T21:24:00
db: PACKETSTORM, id: 164240, date: 2021-09-22T16:28:58
db: CNNVD, id: CNNVD-201707-563, date: 2017-07-13T00:00:00
db: NVD, id: CVE-2017-7529, date: 2017-07-13T13:29:00.220