1. Home
  2. Vulnerabilities
  3. CVE-2017-7529

CVE-2017-7529

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 96.28 % (100th)
96.28% Progress
Affected Products 3
Advisories 14
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

Weaknesses
CWE-190
Integer Overflow or Wraparound
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2017-07-13 13:29:00
(7 years ago)
Updated Date
2022-01-24 16:46:04
(2 years ago)

Affected Products

Apple

F5

Puppet

Configuration #1

    CPE23 From Up To
  F5 Nginx from 0.5.6 version and 1.12.1 and prior versions cpe:2.3:a:f5:nginx >= 0.5.6 <= 1.12.1
  F5 Nginx from 1.13.0 version and 1.13.2 and prior versions cpe:2.3:a:f5:nginx >= 1.13.0 <= 1.13.2

Configuration #2

    CPE23 From Up To
  Puppet Enterprise prior 2016.4.7 version cpe:2.3:a:puppet:puppet_enterprise < 2016.4.7
  Puppet Enterprise from 2017.1.0 version and 2017.1.1 and prior versions cpe:2.3:a:puppet:puppet_enterprise >= 2017.1.0 <= 2017.1.1
  Puppet Enterprise from 2017.2.1 version and 2017.2.3 and prior versions cpe:2.3:a:puppet:puppet_enterprise >= 2017.2.1 <= 2017.2.3

Configuration #3

    CPE23 From Up To
  Apple Xcode prior 13.0 version cpe:2.3:a:apple:xcode < 13.0