ID CVE-2017-7529
Summary Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
Vulnerable Configurations
  • cpe:2.3:a:nginx:nginx:0.5.6
    cpe:2.3:a:nginx:nginx:0.5.6
  • cpe:2.3:a:nginx:nginx:0.5.7
    cpe:2.3:a:nginx:nginx:0.5.7
  • cpe:2.3:a:nginx:nginx:0.5.8
    cpe:2.3:a:nginx:nginx:0.5.8
  • cpe:2.3:a:nginx:nginx:0.5.9
    cpe:2.3:a:nginx:nginx:0.5.9
  • cpe:2.3:a:nginx:nginx:0.5.10
    cpe:2.3:a:nginx:nginx:0.5.10
  • cpe:2.3:a:nginx:nginx:0.5.11
    cpe:2.3:a:nginx:nginx:0.5.11
  • cpe:2.3:a:nginx:nginx:0.5.12
    cpe:2.3:a:nginx:nginx:0.5.12
  • cpe:2.3:a:nginx:nginx:0.5.13
    cpe:2.3:a:nginx:nginx:0.5.13
  • cpe:2.3:a:nginx:nginx:0.5.14
    cpe:2.3:a:nginx:nginx:0.5.14
  • cpe:2.3:a:nginx:nginx:0.5.15
    cpe:2.3:a:nginx:nginx:0.5.15
  • cpe:2.3:a:nginx:nginx:0.5.16
    cpe:2.3:a:nginx:nginx:0.5.16
  • cpe:2.3:a:nginx:nginx:0.5.17
    cpe:2.3:a:nginx:nginx:0.5.17
  • cpe:2.3:a:nginx:nginx:0.5.18
    cpe:2.3:a:nginx:nginx:0.5.18
  • cpe:2.3:a:nginx:nginx:0.5.19
    cpe:2.3:a:nginx:nginx:0.5.19
  • cpe:2.3:a:nginx:nginx:0.5.20
    cpe:2.3:a:nginx:nginx:0.5.20
  • cpe:2.3:a:nginx:nginx:0.5.21
    cpe:2.3:a:nginx:nginx:0.5.21
  • cpe:2.3:a:nginx:nginx:0.5.22
    cpe:2.3:a:nginx:nginx:0.5.22
  • cpe:2.3:a:nginx:nginx:0.5.23
    cpe:2.3:a:nginx:nginx:0.5.23
  • cpe:2.3:a:nginx:nginx:0.5.24
    cpe:2.3:a:nginx:nginx:0.5.24
  • cpe:2.3:a:nginx:nginx:0.5.25
    cpe:2.3:a:nginx:nginx:0.5.25
  • cpe:2.3:a:nginx:nginx:0.6.0
    cpe:2.3:a:nginx:nginx:0.6.0
  • cpe:2.3:a:nginx:nginx:0.6.1
    cpe:2.3:a:nginx:nginx:0.6.1
  • cpe:2.3:a:nginx:nginx:0.6.2
    cpe:2.3:a:nginx:nginx:0.6.2
  • cpe:2.3:a:nginx:nginx:0.6.3
    cpe:2.3:a:nginx:nginx:0.6.3
  • cpe:2.3:a:nginx:nginx:0.6.4
    cpe:2.3:a:nginx:nginx:0.6.4
  • cpe:2.3:a:nginx:nginx:0.6.5
    cpe:2.3:a:nginx:nginx:0.6.5
  • cpe:2.3:a:nginx:nginx:0.6.6
    cpe:2.3:a:nginx:nginx:0.6.6
  • cpe:2.3:a:nginx:nginx:0.6.7
    cpe:2.3:a:nginx:nginx:0.6.7
  • cpe:2.3:a:nginx:nginx:0.6.8
    cpe:2.3:a:nginx:nginx:0.6.8
  • cpe:2.3:a:nginx:nginx:0.6.9
    cpe:2.3:a:nginx:nginx:0.6.9
  • cpe:2.3:a:nginx:nginx:0.6.10
    cpe:2.3:a:nginx:nginx:0.6.10
  • cpe:2.3:a:nginx:nginx:0.6.11
    cpe:2.3:a:nginx:nginx:0.6.11
  • cpe:2.3:a:nginx:nginx:0.6.12
    cpe:2.3:a:nginx:nginx:0.6.12
  • cpe:2.3:a:nginx:nginx:0.6.13
    cpe:2.3:a:nginx:nginx:0.6.13
  • cpe:2.3:a:nginx:nginx:0.6.14
    cpe:2.3:a:nginx:nginx:0.6.14
  • cpe:2.3:a:nginx:nginx:0.6.15
    cpe:2.3:a:nginx:nginx:0.6.15
  • cpe:2.3:a:nginx:nginx:0.6.16
    cpe:2.3:a:nginx:nginx:0.6.16
  • cpe:2.3:a:nginx:nginx:0.6.17
    cpe:2.3:a:nginx:nginx:0.6.17
  • cpe:2.3:a:nginx:nginx:0.6.18
    cpe:2.3:a:nginx:nginx:0.6.18
  • cpe:2.3:a:nginx:nginx:0.6.19
    cpe:2.3:a:nginx:nginx:0.6.19
  • cpe:2.3:a:nginx:nginx:0.6.20
    cpe:2.3:a:nginx:nginx:0.6.20
  • cpe:2.3:a:nginx:nginx:0.6.21
    cpe:2.3:a:nginx:nginx:0.6.21
  • cpe:2.3:a:nginx:nginx:0.6.22
    cpe:2.3:a:nginx:nginx:0.6.22
  • cpe:2.3:a:nginx:nginx:0.6.23
    cpe:2.3:a:nginx:nginx:0.6.23
  • cpe:2.3:a:nginx:nginx:0.6.24
    cpe:2.3:a:nginx:nginx:0.6.24
  • cpe:2.3:a:nginx:nginx:0.6.25
    cpe:2.3:a:nginx:nginx:0.6.25
  • cpe:2.3:a:nginx:nginx:0.6.26
    cpe:2.3:a:nginx:nginx:0.6.26
  • cpe:2.3:a:nginx:nginx:0.6.27
    cpe:2.3:a:nginx:nginx:0.6.27
  • cpe:2.3:a:nginx:nginx:0.6.28
    cpe:2.3:a:nginx:nginx:0.6.28
  • cpe:2.3:a:nginx:nginx:0.6.29
    cpe:2.3:a:nginx:nginx:0.6.29
  • cpe:2.3:a:nginx:nginx:0.6.30
    cpe:2.3:a:nginx:nginx:0.6.30
  • cpe:2.3:a:nginx:nginx:0.6.31
    cpe:2.3:a:nginx:nginx:0.6.31
  • cpe:2.3:a:nginx:nginx:0.7.0
    cpe:2.3:a:nginx:nginx:0.7.0
  • cpe:2.3:a:nginx:nginx:0.7.1
    cpe:2.3:a:nginx:nginx:0.7.1
  • cpe:2.3:a:nginx:nginx:0.7.2
    cpe:2.3:a:nginx:nginx:0.7.2
  • cpe:2.3:a:nginx:nginx:0.7.3
    cpe:2.3:a:nginx:nginx:0.7.3
  • cpe:2.3:a:nginx:nginx:0.7.4
    cpe:2.3:a:nginx:nginx:0.7.4
  • cpe:2.3:a:nginx:nginx:0.7.5
    cpe:2.3:a:nginx:nginx:0.7.5
  • cpe:2.3:a:nginx:nginx:0.7.6
    cpe:2.3:a:nginx:nginx:0.7.6
  • cpe:2.3:a:nginx:nginx:0.7.7
    cpe:2.3:a:nginx:nginx:0.7.7
  • cpe:2.3:a:nginx:nginx:0.7.8
    cpe:2.3:a:nginx:nginx:0.7.8
  • cpe:2.3:a:nginx:nginx:0.7.9
    cpe:2.3:a:nginx:nginx:0.7.9
  • cpe:2.3:a:nginx:nginx:0.7.10
    cpe:2.3:a:nginx:nginx:0.7.10
  • cpe:2.3:a:nginx:nginx:0.7.11
    cpe:2.3:a:nginx:nginx:0.7.11
  • cpe:2.3:a:nginx:nginx:0.7.12
    cpe:2.3:a:nginx:nginx:0.7.12
  • cpe:2.3:a:nginx:nginx:0.7.13
    cpe:2.3:a:nginx:nginx:0.7.13
  • cpe:2.3:a:nginx:nginx:0.7.14
    cpe:2.3:a:nginx:nginx:0.7.14
  • cpe:2.3:a:nginx:nginx:0.7.15
    cpe:2.3:a:nginx:nginx:0.7.15
  • cpe:2.3:a:nginx:nginx:0.7.16
    cpe:2.3:a:nginx:nginx:0.7.16
  • cpe:2.3:a:nginx:nginx:0.7.17
    cpe:2.3:a:nginx:nginx:0.7.17
  • cpe:2.3:a:nginx:nginx:0.7.18
    cpe:2.3:a:nginx:nginx:0.7.18
  • cpe:2.3:a:nginx:nginx:0.7.19
    cpe:2.3:a:nginx:nginx:0.7.19
  • cpe:2.3:a:nginx:nginx:0.7.20
    cpe:2.3:a:nginx:nginx:0.7.20
  • cpe:2.3:a:nginx:nginx:0.7.21
    cpe:2.3:a:nginx:nginx:0.7.21
  • cpe:2.3:a:nginx:nginx:0.7.22
    cpe:2.3:a:nginx:nginx:0.7.22
  • cpe:2.3:a:nginx:nginx:0.7.23
    cpe:2.3:a:nginx:nginx:0.7.23
  • cpe:2.3:a:nginx:nginx:0.7.24
    cpe:2.3:a:nginx:nginx:0.7.24
  • cpe:2.3:a:nginx:nginx:0.7.25
    cpe:2.3:a:nginx:nginx:0.7.25
  • cpe:2.3:a:nginx:nginx:0.7.26
    cpe:2.3:a:nginx:nginx:0.7.26
  • cpe:2.3:a:nginx:nginx:0.7.27
    cpe:2.3:a:nginx:nginx:0.7.27
  • cpe:2.3:a:nginx:nginx:0.7.28
    cpe:2.3:a:nginx:nginx:0.7.28
  • cpe:2.3:a:nginx:nginx:0.7.29
    cpe:2.3:a:nginx:nginx:0.7.29
  • cpe:2.3:a:nginx:nginx:0.7.30
    cpe:2.3:a:nginx:nginx:0.7.30
  • cpe:2.3:a:nginx:nginx:0.7.31
    cpe:2.3:a:nginx:nginx:0.7.31
  • cpe:2.3:a:nginx:nginx:0.7.32
    cpe:2.3:a:nginx:nginx:0.7.32
  • cpe:2.3:a:nginx:nginx:0.7.33
    cpe:2.3:a:nginx:nginx:0.7.33
  • cpe:2.3:a:nginx:nginx:0.7.34
    cpe:2.3:a:nginx:nginx:0.7.34
  • cpe:2.3:a:nginx:nginx:0.7.35
    cpe:2.3:a:nginx:nginx:0.7.35
  • cpe:2.3:a:nginx:nginx:0.7.36
    cpe:2.3:a:nginx:nginx:0.7.36
  • cpe:2.3:a:nginx:nginx:0.7.37
    cpe:2.3:a:nginx:nginx:0.7.37
  • cpe:2.3:a:nginx:nginx:0.7.38
    cpe:2.3:a:nginx:nginx:0.7.38
  • cpe:2.3:a:nginx:nginx:0.7.39
    cpe:2.3:a:nginx:nginx:0.7.39
  • cpe:2.3:a:nginx:nginx:0.7.40
    cpe:2.3:a:nginx:nginx:0.7.40
  • cpe:2.3:a:nginx:nginx:0.7.41
    cpe:2.3:a:nginx:nginx:0.7.41
  • cpe:2.3:a:nginx:nginx:0.7.42
    cpe:2.3:a:nginx:nginx:0.7.42
  • cpe:2.3:a:nginx:nginx:0.7.43
    cpe:2.3:a:nginx:nginx:0.7.43
  • cpe:2.3:a:nginx:nginx:0.7.44
    cpe:2.3:a:nginx:nginx:0.7.44
  • cpe:2.3:a:nginx:nginx:0.7.45
    cpe:2.3:a:nginx:nginx:0.7.45
  • cpe:2.3:a:nginx:nginx:0.7.46
    cpe:2.3:a:nginx:nginx:0.7.46
  • cpe:2.3:a:nginx:nginx:0.7.47
    cpe:2.3:a:nginx:nginx:0.7.47
  • cpe:2.3:a:nginx:nginx:0.7.48
    cpe:2.3:a:nginx:nginx:0.7.48
  • cpe:2.3:a:nginx:nginx:0.7.49
    cpe:2.3:a:nginx:nginx:0.7.49
  • cpe:2.3:a:nginx:nginx:0.7.50
    cpe:2.3:a:nginx:nginx:0.7.50
  • cpe:2.3:a:nginx:nginx:0.7.51
    cpe:2.3:a:nginx:nginx:0.7.51
  • cpe:2.3:a:nginx:nginx:0.7.52
    cpe:2.3:a:nginx:nginx:0.7.52
  • cpe:2.3:a:nginx:nginx:0.7.53
    cpe:2.3:a:nginx:nginx:0.7.53
  • cpe:2.3:a:nginx:nginx:0.7.54
    cpe:2.3:a:nginx:nginx:0.7.54
  • cpe:2.3:a:nginx:nginx:0.7.55
    cpe:2.3:a:nginx:nginx:0.7.55
  • cpe:2.3:a:nginx:nginx:0.7.56
    cpe:2.3:a:nginx:nginx:0.7.56
  • cpe:2.3:a:nginx:nginx:0.7.57
    cpe:2.3:a:nginx:nginx:0.7.57
  • cpe:2.3:a:nginx:nginx:0.7.58
    cpe:2.3:a:nginx:nginx:0.7.58
  • cpe:2.3:a:nginx:nginx:0.7.59
    cpe:2.3:a:nginx:nginx:0.7.59
  • cpe:2.3:a:nginx:nginx:0.8.0
    cpe:2.3:a:nginx:nginx:0.8.0
  • cpe:2.3:a:nginx:nginx:0.8.1
    cpe:2.3:a:nginx:nginx:0.8.1
  • cpe:2.3:a:nginx:nginx:0.8.2
    cpe:2.3:a:nginx:nginx:0.8.2
  • cpe:2.3:a:nginx:nginx:0.8.3
    cpe:2.3:a:nginx:nginx:0.8.3
  • cpe:2.3:a:nginx:nginx:0.8.4
    cpe:2.3:a:nginx:nginx:0.8.4
  • cpe:2.3:a:nginx:nginx:0.8.5
    cpe:2.3:a:nginx:nginx:0.8.5
  • cpe:2.3:a:nginx:nginx:0.8.6
    cpe:2.3:a:nginx:nginx:0.8.6
  • cpe:2.3:a:nginx:nginx:0.8.7
    cpe:2.3:a:nginx:nginx:0.8.7
  • cpe:2.3:a:nginx:nginx:0.8.8
    cpe:2.3:a:nginx:nginx:0.8.8
  • cpe:2.3:a:nginx:nginx:0.8.9
    cpe:2.3:a:nginx:nginx:0.8.9
  • cpe:2.3:a:nginx:nginx:0.8.10
    cpe:2.3:a:nginx:nginx:0.8.10
  • cpe:2.3:a:nginx:nginx:0.8.11
    cpe:2.3:a:nginx:nginx:0.8.11
  • cpe:2.3:a:nginx:nginx:0.8.12
    cpe:2.3:a:nginx:nginx:0.8.12
  • cpe:2.3:a:nginx:nginx:0.8.13
    cpe:2.3:a:nginx:nginx:0.8.13
  • cpe:2.3:a:nginx:nginx:0.8.14
    cpe:2.3:a:nginx:nginx:0.8.14
  • cpe:2.3:a:nginx:nginx:0.8.15
    cpe:2.3:a:nginx:nginx:0.8.15
  • cpe:2.3:a:nginx:nginx:0.8.16
    cpe:2.3:a:nginx:nginx:0.8.16
  • cpe:2.3:a:nginx:nginx:0.8.17
    cpe:2.3:a:nginx:nginx:0.8.17
  • cpe:2.3:a:nginx:nginx:0.8.18
    cpe:2.3:a:nginx:nginx:0.8.18
  • cpe:2.3:a:nginx:nginx:0.8.19
    cpe:2.3:a:nginx:nginx:0.8.19
  • cpe:2.3:a:nginx:nginx:0.8.20
    cpe:2.3:a:nginx:nginx:0.8.20
  • cpe:2.3:a:nginx:nginx:0.8.21
    cpe:2.3:a:nginx:nginx:0.8.21
  • cpe:2.3:a:nginx:nginx:0.8.22
    cpe:2.3:a:nginx:nginx:0.8.22
  • cpe:2.3:a:nginx:nginx:0.8.23
    cpe:2.3:a:nginx:nginx:0.8.23
  • cpe:2.3:a:nginx:nginx:0.8.24
    cpe:2.3:a:nginx:nginx:0.8.24
  • cpe:2.3:a:nginx:nginx:0.8.25
    cpe:2.3:a:nginx:nginx:0.8.25
  • cpe:2.3:a:nginx:nginx:0.8.26
    cpe:2.3:a:nginx:nginx:0.8.26
  • cpe:2.3:a:nginx:nginx:0.8.27
    cpe:2.3:a:nginx:nginx:0.8.27
  • cpe:2.3:a:nginx:nginx:0.8.28
    cpe:2.3:a:nginx:nginx:0.8.28
  • cpe:2.3:a:nginx:nginx:0.8.29
    cpe:2.3:a:nginx:nginx:0.8.29
  • cpe:2.3:a:nginx:nginx:0.8.30
    cpe:2.3:a:nginx:nginx:0.8.30
  • cpe:2.3:a:nginx:nginx:0.8.31
    cpe:2.3:a:nginx:nginx:0.8.31
  • cpe:2.3:a:nginx:nginx:0.8.32
    cpe:2.3:a:nginx:nginx:0.8.32
  • cpe:2.3:a:nginx:nginx:0.8.33
    cpe:2.3:a:nginx:nginx:0.8.33
  • cpe:2.3:a:nginx:nginx:0.8.34
    cpe:2.3:a:nginx:nginx:0.8.34
  • cpe:2.3:a:nginx:nginx:0.8.35
    cpe:2.3:a:nginx:nginx:0.8.35
  • cpe:2.3:a:nginx:nginx:0.8.36
    cpe:2.3:a:nginx:nginx:0.8.36
  • cpe:2.3:a:nginx:nginx:0.8.37
    cpe:2.3:a:nginx:nginx:0.8.37
  • cpe:2.3:a:nginx:nginx:0.8.38
    cpe:2.3:a:nginx:nginx:0.8.38
  • cpe:2.3:a:nginx:nginx:0.8.39
    cpe:2.3:a:nginx:nginx:0.8.39
  • cpe:2.3:a:nginx:nginx:0.8.40
    cpe:2.3:a:nginx:nginx:0.8.40
  • cpe:2.3:a:nginx:nginx:0.8.41
    cpe:2.3:a:nginx:nginx:0.8.41
  • cpe:2.3:a:nginx:nginx:0.8.42
    cpe:2.3:a:nginx:nginx:0.8.42
  • cpe:2.3:a:nginx:nginx:0.8.43
    cpe:2.3:a:nginx:nginx:0.8.43
  • cpe:2.3:a:nginx:nginx:0.8.44
    cpe:2.3:a:nginx:nginx:0.8.44
  • cpe:2.3:a:nginx:nginx:0.8.45
    cpe:2.3:a:nginx:nginx:0.8.45
  • cpe:2.3:a:nginx:nginx:0.8.46
    cpe:2.3:a:nginx:nginx:0.8.46
  • cpe:2.3:a:nginx:nginx:0.8.47
    cpe:2.3:a:nginx:nginx:0.8.47
  • cpe:2.3:a:nginx:nginx:0.8.48
    cpe:2.3:a:nginx:nginx:0.8.48
  • cpe:2.3:a:nginx:nginx:0.8.49
    cpe:2.3:a:nginx:nginx:0.8.49
  • cpe:2.3:a:nginx:nginx:0.8.50
    cpe:2.3:a:nginx:nginx:0.8.50
  • cpe:2.3:a:nginx:nginx:0.8.51
    cpe:2.3:a:nginx:nginx:0.8.51
  • cpe:2.3:a:nginx:nginx:0.8.52
    cpe:2.3:a:nginx:nginx:0.8.52
  • cpe:2.3:a:nginx:nginx:0.8.53
    cpe:2.3:a:nginx:nginx:0.8.53
  • cpe:2.3:a:nginx:nginx:0.9.0
    cpe:2.3:a:nginx:nginx:0.9.0
  • cpe:2.3:a:nginx:nginx:0.9.1
    cpe:2.3:a:nginx:nginx:0.9.1
  • cpe:2.3:a:nginx:nginx:0.9.2
    cpe:2.3:a:nginx:nginx:0.9.2
  • cpe:2.3:a:nginx:nginx:0.9.3
    cpe:2.3:a:nginx:nginx:0.9.3
  • cpe:2.3:a:nginx:nginx:0.9.4
    cpe:2.3:a:nginx:nginx:0.9.4
  • cpe:2.3:a:nginx:nginx:0.9.5
    cpe:2.3:a:nginx:nginx:0.9.5
  • cpe:2.3:a:nginx:nginx:0.9.6
    cpe:2.3:a:nginx:nginx:0.9.6
  • cpe:2.3:a:nginx:nginx:0.9.7
    cpe:2.3:a:nginx:nginx:0.9.7
  • Nginx 1.0.0
    cpe:2.3:a:nginx:nginx:1.0.0
  • Nginx 1.0.1
    cpe:2.3:a:nginx:nginx:1.0.1
  • Nginx 1.0.2
    cpe:2.3:a:nginx:nginx:1.0.2
  • Nginx 1.0.3
    cpe:2.3:a:nginx:nginx:1.0.3
  • Nginx 1.0.4
    cpe:2.3:a:nginx:nginx:1.0.4
  • Nginx 1.0.5
    cpe:2.3:a:nginx:nginx:1.0.5
  • Nginx 1.1.0
    cpe:2.3:a:nginx:nginx:1.1.0
  • Nginx 1.1.1
    cpe:2.3:a:nginx:nginx:1.1.1
  • Nginx 1.1.2
    cpe:2.3:a:nginx:nginx:1.1.2
  • Nginx 1.1.3
    cpe:2.3:a:nginx:nginx:1.1.3
  • Nginx 1.1.4
    cpe:2.3:a:nginx:nginx:1.1.4
  • Nginx 1.1.5
    cpe:2.3:a:nginx:nginx:1.1.5
  • Nginx 1.1.6
    cpe:2.3:a:nginx:nginx:1.1.6
  • Nginx 1.1.7
    cpe:2.3:a:nginx:nginx:1.1.7
  • Nginx 1.1.8
    cpe:2.3:a:nginx:nginx:1.1.8
  • Nginx 1.1.9
    cpe:2.3:a:nginx:nginx:1.1.9
  • Nginx 1.1.10
    cpe:2.3:a:nginx:nginx:1.1.10
  • Nginx 1.1.11
    cpe:2.3:a:nginx:nginx:1.1.11
  • Nginx 1.1.12
    cpe:2.3:a:nginx:nginx:1.1.12
  • Nginx 1.1.13
    cpe:2.3:a:nginx:nginx:1.1.13
  • Nginx 1.1.14
    cpe:2.3:a:nginx:nginx:1.1.14
  • Nginx 1.1.15
    cpe:2.3:a:nginx:nginx:1.1.15
  • Nginx 1.1.16
    cpe:2.3:a:nginx:nginx:1.1.16
  • Nginx 1.1.17
    cpe:2.3:a:nginx:nginx:1.1.17
  • Nginx 1.1.18
    cpe:2.3:a:nginx:nginx:1.1.18
  • Nginx 1.1.19
    cpe:2.3:a:nginx:nginx:1.1.19
  • Nginx 1.2.0
    cpe:2.3:a:nginx:nginx:1.2.0
  • Nginx 1.3.0
    cpe:2.3:a:nginx:nginx:1.3.0
  • Nginx 1.3.1
    cpe:2.3:a:nginx:nginx:1.3.1
  • Nginx 1.3.2
    cpe:2.3:a:nginx:nginx:1.3.2
  • Nginx 1.3.3
    cpe:2.3:a:nginx:nginx:1.3.3
  • Nginx 1.3.4
    cpe:2.3:a:nginx:nginx:1.3.4
  • Nginx 1.3.5
    cpe:2.3:a:nginx:nginx:1.3.5
  • Nginx 1.3.6
    cpe:2.3:a:nginx:nginx:1.3.6
  • Nginx 1.3.7
    cpe:2.3:a:nginx:nginx:1.3.7
  • Nginx 1.3.8
    cpe:2.3:a:nginx:nginx:1.3.8
  • Nginx 1.3.9
    cpe:2.3:a:nginx:nginx:1.3.9
  • Nginx 1.3.10
    cpe:2.3:a:nginx:nginx:1.3.10
  • Nginx 1.3.11
    cpe:2.3:a:nginx:nginx:1.3.11
  • Nginx 1.3.12
    cpe:2.3:a:nginx:nginx:1.3.12
  • Nginx 1.3.13
    cpe:2.3:a:nginx:nginx:1.3.13
  • Nginx 1.3.14
    cpe:2.3:a:nginx:nginx:1.3.14
  • Nginx 1.3.15
    cpe:2.3:a:nginx:nginx:1.3.15
  • Nginx 1.3.16
    cpe:2.3:a:nginx:nginx:1.3.16
  • Nginx 1.4.0
    cpe:2.3:a:nginx:nginx:1.4.0
  • Nginx 1.5.0
    cpe:2.3:a:nginx:nginx:1.5.0
  • Nginx 1.5.1
    cpe:2.3:a:nginx:nginx:1.5.1
  • Nginx 1.5.2
    cpe:2.3:a:nginx:nginx:1.5.2
  • Nginx 1.5.3
    cpe:2.3:a:nginx:nginx:1.5.3
  • Nginx 1.5.4
    cpe:2.3:a:nginx:nginx:1.5.4
  • Nginx 1.5.5
    cpe:2.3:a:nginx:nginx:1.5.5
  • Nginx 1.5.6
    cpe:2.3:a:nginx:nginx:1.5.6
  • Nginx 1.5.7
    cpe:2.3:a:nginx:nginx:1.5.7
  • Nginx 1.5.8
    cpe:2.3:a:nginx:nginx:1.5.8
  • Nginx 1.5.9
    cpe:2.3:a:nginx:nginx:1.5.9
  • Nginx 1.5.10
    cpe:2.3:a:nginx:nginx:1.5.10
  • Nginx 1.5.11
    cpe:2.3:a:nginx:nginx:1.5.11
  • Nginx 1.5.12
    cpe:2.3:a:nginx:nginx:1.5.12
  • cpe:2.3:a:nginx:nginx:1.5.13
    cpe:2.3:a:nginx:nginx:1.5.13
  • cpe:2.3:a:nginx:nginx:1.7.0
    cpe:2.3:a:nginx:nginx:1.7.0
  • cpe:2.3:a:nginx:nginx:1.7.1
    cpe:2.3:a:nginx:nginx:1.7.1
  • cpe:2.3:a:nginx:nginx:1.7.2
    cpe:2.3:a:nginx:nginx:1.7.2
  • cpe:2.3:a:nginx:nginx:1.7.3
    cpe:2.3:a:nginx:nginx:1.7.3
  • cpe:2.3:a:nginx:nginx:1.7.4
    cpe:2.3:a:nginx:nginx:1.7.4
  • cpe:2.3:a:nginx:nginx:1.7.5
    cpe:2.3:a:nginx:nginx:1.7.5
  • cpe:2.3:a:nginx:nginx:1.7.6
    cpe:2.3:a:nginx:nginx:1.7.6
  • cpe:2.3:a:nginx:nginx:1.7.7
    cpe:2.3:a:nginx:nginx:1.7.7
  • cpe:2.3:a:nginx:nginx:1.7.8
    cpe:2.3:a:nginx:nginx:1.7.8
  • cpe:2.3:a:nginx:nginx:1.7.9
    cpe:2.3:a:nginx:nginx:1.7.9
  • cpe:2.3:a:nginx:nginx:1.7.10
    cpe:2.3:a:nginx:nginx:1.7.10
  • cpe:2.3:a:nginx:nginx:1.7.11
    cpe:2.3:a:nginx:nginx:1.7.11
  • cpe:2.3:a:nginx:nginx:1.7.12
    cpe:2.3:a:nginx:nginx:1.7.12
  • Nginx 1.9.0
    cpe:2.3:a:nginx:nginx:1.9.0
  • Nginx 1.9.1
    cpe:2.3:a:nginx:nginx:1.9.1
  • Nginx 1.9.2
    cpe:2.3:a:nginx:nginx:1.9.2
  • Nginx 1.9.3
    cpe:2.3:a:nginx:nginx:1.9.3
  • Nginx 1.9.4
    cpe:2.3:a:nginx:nginx:1.9.4
  • Nginx 1.9.5
    cpe:2.3:a:nginx:nginx:1.9.5
  • Nginx 1.9.6
    cpe:2.3:a:nginx:nginx:1.9.6
  • Nginx 1.9.7
    cpe:2.3:a:nginx:nginx:1.9.7
  • Nginx 1.9.8
    cpe:2.3:a:nginx:nginx:1.9.8
  • Nginx 1.9.9
    cpe:2.3:a:nginx:nginx:1.9.9
  • cpe:2.3:a:nginx:nginx:1.9.10
    cpe:2.3:a:nginx:nginx:1.9.10
  • cpe:2.3:a:nginx:nginx:1.9.11
    cpe:2.3:a:nginx:nginx:1.9.11
  • cpe:2.3:a:nginx:nginx:1.9.12
    cpe:2.3:a:nginx:nginx:1.9.12
  • cpe:2.3:a:nginx:nginx:1.9.13
    cpe:2.3:a:nginx:nginx:1.9.13
  • cpe:2.3:a:nginx:nginx:1.9.14
    cpe:2.3:a:nginx:nginx:1.9.14
  • cpe:2.3:a:nginx:nginx:1.9.15
    cpe:2.3:a:nginx:nginx:1.9.15
  • Nginx 1.11.0
    cpe:2.3:a:nginx:nginx:1.11.0
  • cpe:2.3:a:nginx:nginx:1.11.1
    cpe:2.3:a:nginx:nginx:1.11.1
  • cpe:2.3:a:nginx:nginx:1.11.2
    cpe:2.3:a:nginx:nginx:1.11.2
  • cpe:2.3:a:nginx:nginx:1.11.3
    cpe:2.3:a:nginx:nginx:1.11.3
  • cpe:2.3:a:nginx:nginx:1.11.4
    cpe:2.3:a:nginx:nginx:1.11.4
  • cpe:2.3:a:nginx:nginx:1.11.5
    cpe:2.3:a:nginx:nginx:1.11.5
  • cpe:2.3:a:nginx:nginx:1.11.6
    cpe:2.3:a:nginx:nginx:1.11.6
  • cpe:2.3:a:nginx:nginx:1.11.7
    cpe:2.3:a:nginx:nginx:1.11.7
  • cpe:2.3:a:nginx:nginx:1.11.8
    cpe:2.3:a:nginx:nginx:1.11.8
  • cpe:2.3:a:nginx:nginx:1.11.9
    cpe:2.3:a:nginx:nginx:1.11.9
  • cpe:2.3:a:nginx:nginx:1.11.10
    cpe:2.3:a:nginx:nginx:1.11.10
  • cpe:2.3:a:nginx:nginx:1.11.11
    cpe:2.3:a:nginx:nginx:1.11.11
  • cpe:2.3:a:nginx:nginx:1.11.12
    cpe:2.3:a:nginx:nginx:1.11.12
  • cpe:2.3:a:nginx:nginx:1.11.13
    cpe:2.3:a:nginx:nginx:1.11.13
  • cpe:2.3:a:nginx:nginx:1.13.0
    cpe:2.3:a:nginx:nginx:1.13.0
  • cpe:2.3:a:nginx:nginx:1.13.1
    cpe:2.3:a:nginx:nginx:1.13.1
  • cpe:2.3:a:nginx:nginx:1.13.2
    cpe:2.3:a:nginx:nginx:1.13.2
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-AECD25B8A9.NASL
    description This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module. See http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 102719
    published 2017-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102719
    title Fedora 26 : 1:nginx (2017-aecd25b8a9)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-C27A947AF1.NASL
    description This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module. See http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 102720
    published 2017-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102720
    title Fedora 25 : 1:nginx (2017-c27a947af1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-894.NASL
    description A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 103228
    published 2017-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103228
    title Amazon Linux AMI : nginx (ALAS-2017-894)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3908.NASL
    description An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 101490
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101490
    title Debian DSA-3908-1 : nginx - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1024.NASL
    description It was discovered that there was vulnerability in the range filter of nginx, a web/proxy server. A specially crafted request might result in an integer overflow and incorrect processing of HTTP ranges, potentially resulting in a sensitive information leak. For Debian 7 'Wheezy', this issue has been fixed in nginx version 1.2.1-2.2+wheezy4+deb7u1. We recommend that you upgrade your nginx packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 101535
    published 2017-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101535
    title Debian DLA-1024-1 : nginx security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B28ADC5B669311E7AD43F0DEF16C5C1B.NASL
    description Maxim Dounin reports : A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 101381
    published 2017-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101381
    title FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3352-1.NASL
    description It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 101546
    published 2017-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101546
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : nginx vulnerability (USN-3352-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-316.NASL
    description This update for nginx to version 1.13.9 fixes the following issues : - CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265) This update also contains all updates and improvements in 1.13.9 upstream release.
    last seen 2018-03-30
    modified 2018-03-27
    plugin id 108639
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108639
    title openSUSE Security Update : nginx (openSUSE-2018-316)
  • NASL family Web Servers
    NASL id NGINX_1_13_2.NASL
    description According to the self-reported version in its response header, the version of nginx hosted on the remote web server is < 1.13.2. It is, therefore, affected by an integer overflow vulnerability
    last seen 2018-02-23
    modified 2018-02-22
    plugin id 105359
    published 2017-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105359
    title nginx < 1.13.2 Integer Overflow Vulnerability
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-867.NASL
    description This update for nginx fixes the following issues : - CVE-2017-7529: A remote attacker could have used specially crafted requests to trigger an integer overflow the nginx range filter module to leak potentially sensitive information (boo#1048265)
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 102057
    published 2017-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102057
    title openSUSE Security Update : nginx (openSUSE-2017-867)
redhat via4
advisories
rhsa
id RHSA-2017:2538
refmap via4
bid 99534
confirm https://puppet.com/security/cve/cve-2017-7529
mlist [nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)
sectrack 1039238
Last major update 13-07-2017 - 09:29
Published 13-07-2017 - 09:29
Last modified 04-01-2018 - 21:31
Back to Top