Nginx Integer Overflow

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow vulnerability in the nginx range filter module. This vulnerability can be exploited by attackers to leak potentially sensitive information by sending specially crafted requests.

Recommendation

To mitigate this vulnerability, upgrade Nginx to the latest stable version available, which includes patches to address the integer overflow issue. Additionally, consider implementing web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) to detect and block malicious requests targeting this vulnerability.

References

• CVE-2017-7529
• CWE-119
• CWE-190
• CWE-200
• Nginx
• Nginx Security Advisory: CVE-2017-7529
• OWASP 2021-A5
• OWASP 2021-A6