CVE-2017-7529: Nginx sensitive information disclosure vulnerability

by do son · July 13, 2017

July 11, 2017, Nginx officially released the latest security bulletin, vulnerability CVE number CVE-2017-7529, the Nginx range filter found a security problem, through careful construction of malicious requests may lead to integer overflow and Incorrect handling of the scope, resulting in sensitive information leakage, there is a security risk.

Vulnerability number:

CVE-2017-7529

Vulnerability Name:

Nginx sensitive information disclosure

Impact:

High risk

Vulnerability Description:

When using the Nginx standard module, an attacker is allowed to return a response from the cache, and in some configurations, the cached file header may contain an IP address of the backend server or other sensitive information, resulting in information disclosure.

Remote/Local:

Remote

Affected Version:

Nginx 0.5.6 – 1.13.2.

How to fixes

• Proposed upgrade to Nginx1.13.3, 1.12.1.

CVE-2017-7529: Nginx sensitive information disclosure vulnerability

Search

Brilliantly

Content & Links