Integer Overflow Vulnerability in Nginx Affecting Multiple Versions
CVE-2017-7529

7.5HIGH

Key Information:

Vendor

Nginx

Status
Nginx
Vendor
CVE Published:
13 July 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 91%

What is CVE-2017-7529?

Nginx versions from 0.5.6 to 1.13.2 are susceptible to an integer overflow vulnerability within the range filter module. This flaw can be exploited through specially crafted requests, potentially leading to the disclosure of sensitive information. Administrators are encouraged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

nginx 0.5.6 - 1.13.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-7529_PoC
Created by en0f

CVE-2017-7529
Created by liusec

exploit-nginx-1.10.3
Created by gemboxteam

References

http://mailman.nginx.org/pipermail/nginx-announce/2017/00...
mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2017:2538
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/99534
vdb-entryx_refsource_BID

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-7529 : Integer Overflow Vulnerability in Nginx Affecting Multiple Versions