CVE-2017-7529: Nginx sensitive information disclosure vulnerability
On July 11, 2017, Nginx released a security bulletin for CVE-2017-7529. A flaw in the Nginx range filter means that a carefully constructed malicious request may cause an integer overflow and incorrect handling of ranges, resulting in sensitive information leakage.
Vulnerability number:
CVE-2017-7529
Vulnerability Name:
Nginx sensitive information disclosure
Impact:
High risk
Vulnerability Description:
When Nginx is used with its standard modules, an attacker can obtain the cache file header when a response is returned from the cache. In some configurations, the cache file header may contain the IP address of the backend server or other sensitive information, resulting in information disclosure.
Remote/Local:
Remote
Affected Version:
Nginx 0.5.6 – 1.13.2.
How to fix
• Upgrade to Nginx 1.13.3 or 1.12.1.
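The following is an added example, not part of the original bulletin: a small inventory check that classifies `nginx -v` output or `Server` header strings against the affected range and fixed releases listed above. The sample banners are constructed, and treating 1.12.x releases after 1.12.1 as fixed is an assumption.

```python
import re

# Version boundaries taken from the bulletin above.
FIRST_AFFECTED = (0, 5, 6)
LAST_AFFECTED = (1, 13, 2)
# 1.12.1 is the fixed release on the 1.12 branch. It sorts *inside* the
# affected range numerically, so it needs an explicit exception.
FIXED_STABLE = (1, 12, 1)

_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(banner):
    """Return (major, minor, patch) from an `nginx -v` line or Server header."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True if the version falls in the affected range and is not a fixed build."""
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return False
    # Assumption: later 1.12.x releases keep the fix shipped in 1.12.1.
    if version[:2] == (1, 12) and version >= FIXED_STABLE:
        return False
    return True


def classify(banner):
    """Map a banner string to 'affected', 'not affected' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        # e.g. server_tokens off: no version visible, check the host directly.
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    samples = [
        "nginx version: nginx/1.13.2",
        "nginx version: nginx/1.13.3",
        "Server: nginx/1.12.0",
        "Server: nginx/1.12.1",
        "Server: nginx",
    ]
    for banner in samples:
        print(f"{banner!r:40} -> {classify(banner)}")
```

Distribution packages may backport the fix without changing the upstream version number, so an "affected" result on a vendor build should be confirmed against the vendor's changelog.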