Sign-up

ID

VAR-201707-1309


CVE

CVE-2017-7529


TITLE

Nginx of range filter Module integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006088

DESCRIPTION

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules. For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5. For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3352-1 July 13, 2017 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1 Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3 Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: rh-nginx110-nginx security update Advisory ID: RHSA-2017:2538-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538 Issue date: 2017-08-28 CVE Names: CVE-2017-7529 ===================================================================== 1. Summary: An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529) Red Hat would like to thank the Nginx project for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7529 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT Rf+yBkpEe91OHNNto3rboqM= =rlDh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-4 Xcode 13 Xcode 13 addresses the following issues. IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372 Installation note: Xcode 13 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13"

Trust: 2.43

sources: NVD: CVE-2017-7529 // JVNDB: JVNDB-2017-006088 // BID: 99534 // VULHUB: VHN-115732 // VULMON: CVE-2017-7529 // PACKETSTORM: 143348 // PACKETSTORM: 143347 // PACKETSTORM: 143935 // PACKETSTORM: 164240

AFFECTED PRODUCTS

vendor:puppetmodel:enterprisescope:lteversion:2017.2.3

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.5.6

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.12.1

Trust: 1.0

vendor:puppetmodel:enterprisescope:ltversion:2016.4.7

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.13.0

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.13.2

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:13.0

Trust: 1.0

vendor:puppetmodel:enterprisescope:gteversion:2017.2.1

Trust: 1.0

vendor:puppetmodel:enterprisescope:gteversion:2017.1.0

Trust: 1.0

vendor:puppetmodel:enterprisescope:lteversion:2017.1.1

Trust: 1.0

vendor:nginxmodel:nginxscope:eqversion:1.11.12

Trust: 0.9

vendor:igor sysoevmodel:nginxscope: - version: -

Trust: 0.8

vendor:nginxmodel:nginxscope:eqversion:1.11.10

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.13.1

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.11.13

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.11.9

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.13.0

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.11.8

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.13.2

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.11.11

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.11.7

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:1.12

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.11.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.11

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.10.3

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.10.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.10

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.9.15

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.9.10

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.9.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.8.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.8

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.7.12

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.6.3

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.13

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.4.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.16

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.15

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.14

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.11

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.2.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.18

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.17

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.9.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.8.55

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.8.36

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.8

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.7.69

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.6.39

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.6.18

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.6

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:0.5.6

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.6.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.6.0

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.8

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.6

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.5

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.4

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.3

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.2

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.12

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.11

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.5.10

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.4.2

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.4.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.4.0

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.8

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.6

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.5

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.4

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.3

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.2

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.13

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.12

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.10

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.3.0

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.2.0

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.8

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.6

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.5

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.4

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.3

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.2

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.19

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.16

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.15

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.14

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.13

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.12

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.11

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.10

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.1.0

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.9

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.8

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.7

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.6

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.5

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.4

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.3

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.2

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.15

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.14

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.13

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.12

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.10

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.1

Trust: 0.3

vendor:nginxmodel:nginxscope:eqversion:1.0.0

Trust: 0.3

vendor:nginxmodel:nginxscope:neversion:1.13.3

Trust: 0.3

vendor:nginxmodel:nginxscope:neversion:1.12.1

Trust: 0.3

sources: BID: 99534 // JVNDB: JVNDB-2017-006088 // CNNVD: CNNVD-201707-563 // NVD: CVE-2017-7529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7529
value: HIGH

Trust: 1.0

NVD: CVE-2017-7529
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-563
value: HIGH

Trust: 0.6

VULHUB: VHN-115732
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-7529
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7529
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-115732
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7529
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-7529
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-115732 // VULMON: CVE-2017-7529 // JVNDB: JVNDB-2017-006088 // CNNVD: CNNVD-201707-563 // NVD: CVE-2017-7529

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-115732 // JVNDB: JVNDB-2017-006088 // NVD: CVE-2017-7529

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 143347 // PACKETSTORM: 143935 // CNNVD: CNNVD-201707-563

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201707-563

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006088

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-115732

PATCH
title:CVE-2017-7529url:http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Trust: 0.8
title:Nginx range filter Fixes for module digital error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=71698
Trust: 0.6
title:Ubuntu Security Notice: nginx vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3352-1
Trust: 0.1
title:Debian Security Advisories: DSA-3908-1 nginx -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=704f48ff7bd09792912d23527ab54543
Trust: 0.1
title:Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filterurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0f173670cb05b0faed5127f8a0445b1
Trust: 0.1
title:Amazon Linux AMI: ALAS-2017-894url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-894
Trust: 0.1
title:Red Hat: CVE-2017-7529url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-7529
Trust: 0.1
title:Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosureurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-12
Trust: 0.1
title:Arch Linux Advisories: [ASA-201707-11] nginx: information disclosureurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-11
Trust: 0.1
title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-7529
Trust: 0.1
title:nginxpwnerurl:https://github.com/stark0de/nginxpwner 
Trust: 0.1
title:cve-2017-7529url:https://github.com/cved-sources/cve-2017-7529 
Trust: 0.1
title:nginx-CVE-2017-7529url:https://github.com/cyberharsh/nginx-CVE-2017-7529 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-7529 // 
            
            
            
            JVNDB: JVNDB-2017-006088 // 
            
            
            
            CNNVD: CNNVD-201707-563

EXTERNAL IDS
db:NVDid:CVE-2017-7529
Trust: 3.3
db:BIDid:99534
Trust: 2.0
db:SECTRACKid:1039238
Trust: 1.7
db:JVNDBid:JVNDB-2017-006088
Trust: 0.8
db:CNNVDid:CNNVD-201707-563
Trust: 0.7
db:PACKETSTORMid:164240
Trust: 0.7
db:AUSCERTid:ESB-2021.3157
Trust: 0.6
db:AUSCERTid:ESB-2020.1701
Trust: 0.6
db:PACKETSTORMid:143935
Trust: 0.2
db:PACKETSTORMid:143348
Trust: 0.2
db:PACKETSTORMid:143347
Trust: 0.2
db:SEEBUGid:SSVID-96273
Trust: 0.1
db:VULHUBid:VHN-115732
Trust: 0.1
db:VULMONid:CVE-2017-7529
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115732 // 
            
            
            
            VULMON: CVE-2017-7529 // 
            
            
            
            BID: 99534 // 
            
            
            
            JVNDB: JVNDB-2017-006088 // 
            
            
            
            PACKETSTORM: 143348 // 
            
            
            
            PACKETSTORM: 143347 // 
            
            
            
            PACKETSTORM: 143935 // 
            
            
            
            PACKETSTORM: 164240 // 
            
            
            
            CNNVD: CNNVD-201707-563 // 
            
            
            
            NVD: CVE-2017-7529

REFERENCES
url:http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Trust: 2.0
url:https://access.redhat.com/errata/rhsa-2017:2538
Trust: 1.8
url:http://www.securityfocus.com/bid/99534
Trust: 1.7
url:https://puppet.com/security/cve/cve-2017-7529
Trust: 1.7
url:https://support.apple.com/kb/ht212818
Trust: 1.7
url:http://seclists.org/fulldisclosure/2021/sep/36
Trust: 1.7
url:http://www.securitytracker.com/id/1039238
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-7529
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529
Trust: 0.8
url:https://support.apple.com/en-us/ht212818
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.3157
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1701/
Trust: 0.6
url:https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html
Trust: 0.6
url:http://nginx.org/
Trust: 0.3
url:http://nginx.org/#2017-07-11
Trust: 0.3
url:http://nginx.org/en/security_advisories.html
Trust: 0.3
url:https://www.debian.org/security/
Trust: 0.1
url:https://www.debian.org/security/faq
Trust: 0.1
url:https://www.ubuntu.com/usn/usn-3352-1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3
Trust: 0.1
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.1
url:https://access.redhat.com/security/updates/classification/#low
Trust: 0.1
url:https://bugzilla.redhat.com/):
Trust: 0.1
url:https://access.redhat.com/security/team/key/
Trust: 0.1
url:https://access.redhat.com/articles/11258
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2017-7529
Trust: 0.1
url:https://access.redhat.com/security/team/contact/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-20372
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-16843
Trust: 0.1
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-16845
Trust: 0.1
url:https://developer.apple.com/xcode/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-16844
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0746
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0747
Trust: 0.1
url:https://support.apple.com/ht212818.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0742
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115732 // 
            
            
            
            BID: 99534 // 
            
            
            
            JVNDB: JVNDB-2017-006088 // 
            
            
            
            PACKETSTORM: 143348 // 
            
            
            
            PACKETSTORM: 143347 // 
            
            
            
            PACKETSTORM: 143935 // 
            
            
            
            PACKETSTORM: 164240 // 
            
            
            
            CNNVD: CNNVD-201707-563 // 
            
            
            
            NVD: CVE-2017-7529

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 99534

SOURCES
db:VULHUBid:VHN-115732
db:VULMONid:CVE-2017-7529
db:BIDid:99534
db:JVNDBid:JVNDB-2017-006088
db:PACKETSTORMid:143348
db:PACKETSTORMid:143347
db:PACKETSTORMid:143935
db:PACKETSTORMid:164240
db:CNNVDid:CNNVD-201707-563
db:NVDid:CVE-2017-7529

LAST UPDATE DATE
2024-08-14T13:04:01.201000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115732date:2021-11-10T00:00:00
db:VULMONid:CVE-2017-7529date:2022-01-24T00:00:00
db:BIDid:99534date:2017-07-11T00:00:00
db:JVNDBid:JVNDB-2017-006088date:2017-08-17T00:00:00
db:CNNVDid:CNNVD-201707-563date:2023-05-15T00:00:00
db:NVDid:CVE-2017-7529date:2022-01-24T16:46:04.030

SOURCES RELEASE DATE
db:VULHUBid:VHN-115732date:2017-07-13T00:00:00
db:VULMONid:CVE-2017-7529date:2017-07-13T00:00:00
db:BIDid:99534date:2017-07-11T00:00:00
db:JVNDBid:JVNDB-2017-006088date:2017-08-17T00:00:00
db:PACKETSTORMid:143348date:2017-07-14T02:16:01
db:PACKETSTORMid:143347date:2017-07-14T02:15:51
db:PACKETSTORMid:143935date:2017-08-28T21:24:00
db:PACKETSTORMid:164240date:2021-09-22T16:28:58
db:CNNVDid:CNNVD-201707-563date:2017-07-13T00:00:00
db:NVDid:CVE-2017-7529date:2017-07-13T13:29:00.220