Description

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).

When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain IP address of the backend server or other sensitive information.

Besides, with 3rd party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of a worker process memory. No such modules are currently known though. The issue affects nginx versions 0.5.6 to 1.13.2. The vulnerability was fixed with nginx 1.12.1 and 1.13.3.

Remediation

Upgrade to the latest version of nginx. The issue was fixed in nginx versions 1.13.3, 1.12.1.

References

[nginx-announce] nginx security advisory (CVE-2017-7529)

Related Vulnerabilities

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

Padding oracle attack

WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)

WordPress Plugin ACF to REST API Information Disclosure (3.2.0)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3167)

Severity

Medium

Classification

CVE-2017-7529 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Denial Of Service