Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2538 advisory.

    Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong     focus on high concurrency, performance and low memory usage.

    Security Fix(es):

    * A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of     nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or,     if used in combination with third party modules, disclose potentially sensitive memory by sending     specially crafted HTTP requests. (CVE-2017-7529)

    Red Hat would like to thank the Nginx project for reporting this issue.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the nginx package has been released.

According to it's self reported version, the installed version of Nginx Plus is prior to R13 (built on Open Source version 1.13.4). It is, therefore, affected by an integer overflow vulnerability in the range filter module. An unauthenticated, remote attacker can exploit this, via a specially crafted request to disclose potentially sensitive information.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5862 advisory.

    - Adress CVE-2019-9511
    - Adress CVE-2018-16845
    - Adress CVE-2017-7529
    - Adress CVE-2019-9511
    - Adress CVE-2018-16845

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5859 advisory.

    - Adress CVE-2019-9511
    - Adress CVE-2018-16845
    - Adress CVE-2017-7529
    - Adress CVE-2019-9511
    - Adress CVE-2018-16845

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.6. It is, therefore, affected by a vulnerability.

  - Nginx versions since 0.5.6 up to and including 1.13.2     are vulnerable to integer overflow vulnerability in     nginx range filter module resulting into leak of     potentially sensitive information triggered by specially     crafted request. (CVE-2017-7529)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the self-reported version in its response header, the version of nginx hosted on the remote web server is < 1.13.3. It is, therefore, affected by an integer overflow vulnerability

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its Server response header, the installed version of nginx is prior to 1.12.1 or 1.13.x prior to 1.13.3.
It is, therefore, affected by an integer overflow vulnerability in the range filter module. An unauthenticated, remote attacker can exploit this, via a specially crafted request to disclose potentially sensitive information.

This update for nginx to version 1.13.9 fixes the following issues :

  - CVE-2017-7529: nginx: Integer overflow in nginx range     filter module allowed memory disclosure (bsc#1048265)

This update also contains all updates and improvements in 1.13.9 upstream release.

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)

This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module.

See http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for nginx fixes the following issues :

  - CVE-2017-7529: A remote attacker could have used     specially crafted requests to trigger an integer     overflow the nginx range filter module to leak     potentially sensitive information (boo#1048265)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3352-1 advisory.

    It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker     could use this to expose sensitive information.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It was discovered that there was vulnerability in the range filter of nginx, a web/proxy server. A specially crafted request might result in an integer overflow and incorrect processing of HTTP ranges, potentially resulting in a sensitive information leak.

For Debian 7 'Wheezy', this issue has been fixed in nginx version 1.2.1-2.2+wheezy4+deb7u1.

We recommend that you upgrade your nginx packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

Maxim Dounin reports :

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).

ID	Name	Product	Family	Severity
210313	RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2017:2538)	Nessus	Red Hat Local Security Checks	high
202835	Photon OS 1.0: Nginx PHSA-2017-0038	Nessus	PhotonOS Local Security Checks	high
161695	Nginx Plus > R13 Data Disclosure Vulnerability	Nessus	Web Servers	high
140926	Oracle Linux 7 : olcne / nginx (ELSA-2020-5862)	Nessus	Oracle Linux Local Security Checks	high
140789	Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)	Nessus	Oracle Linux Local Security Checks	high
138072	Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.6 Vulnerability	Nessus	Palo Alto Local Security Checks	high
98967	Nginx < 1.12.1 Integer Overflow	Web App Scanning	Component Vulnerability	high
98966	Nginx < 1.13.3 Integer Overflow	Web App Scanning	Component Vulnerability	high
118151	nginx Data Disclosure Vulnerability	Nessus	Web Servers	high
108639	openSUSE Security Update : nginx (openSUSE-2018-316)	Nessus	SuSE Local Security Checks	high
103228	Amazon Linux AMI : nginx (ALAS-2017-894)	Nessus	Amazon Linux Local Security Checks	high
102720	Fedora 25 : 1:nginx (2017-c27a947af1)	Nessus	Fedora Local Security Checks	high
102719	Fedora 26 : 1:nginx (2017-aecd25b8a9)	Nessus	Fedora Local Security Checks	high
102057	openSUSE Security Update : nginx (openSUSE-2017-867)	Nessus	SuSE Local Security Checks	high
101546	Ubuntu 14.04 LTS / 16.04 LTS : nginx vulnerability (USN-3352-1)	Nessus	Ubuntu Local Security Checks	high
101535	Debian DLA-1024-1 : nginx security update	Nessus	Debian Local Security Checks	high
101490	Debian DSA-3908-1 : nginx - security update	Nessus	Debian Local Security Checks	high
101381	FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2017-7529

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high