Description

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).

When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain IP address of the backend server or other sensitive information.

Besides, with 3rd party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of a worker process memory. No such modules are currently known though. The issue affects nginx versions 0.5.6 to 1.13.2. The vulnerability was fixed with nginx 1.12.1 and 1.13.3.

Remediation

Upgrade to the latest version of nginx. The issue was fixed in nginx versions 1.13.3, 1.12.1.

References

[nginx-announce] nginx security advisory (CVE-2017-7529)

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.21)

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)

WordPress REST API User Enumeration

WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)

Severity

Medium

Classification

CVE-2017-7529 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Denial Of Service