Vulnerabilities/

Nginx Integer Overflow

Severity:: High

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow vulnerability in the nginx range filter module. This vulnerability can be exploited by attackers to leak potentially sensitive information by sending specially crafted requests.

Recommendation

To mitigate this vulnerability, upgrade Nginx to the latest stable version available, which includes patches to address the integer overflow issue. Additionally, consider implementing web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) to detect and block malicious requests targeting this vulnerability.

References

Nginx Security Advisory: CVE-2017-7529
Nginx
CVE-2017-7529
CWE-119
CWE-190
CWE-200
CAPEC-100
CAPEC-92
CAPEC-118
CAPEC-310
OWASP 2021-A5
OWASP 2021-A6

Related Issues

Nginx Version Disclosure - Vulnerability
Web Server Path Traversal - CVE-2017-14849
Apache 2.4.49 Path Traversal and RCE - CVE-2021-41773, CVE-2021-42013
Apache mod_proxy 2.4.48 SSRF - CVE-2021-40438

Tags:: Buffer Overflow; Integer Overflow; Nginx; Information Disclosure; Web Server

Anything's wrong? Let us know Last updated on May 13, 2024