Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

According to it's self reported version, the installed version of Nginx Plus is prior to R13 (built on Open Source version 1.13.4). It is, therefore, affected by an integer overflow vulnerability in the range filter module. An unauthenticated, remote attacker can exploit this, via a specially crafted request to disclose potentially sensitive information.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5862 advisory.

  - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in     nginx range filter module resulting into leak of potentially sensitive information triggered by specially     crafted request. (CVE-2017-7529)

  - nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an     attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in     worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it     is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used     in the configuration file. Further, the attack is only possible if an attacker is able to trigger     processing of a specially crafted mp4 file with the ngx_http_mp4_module. (CVE-2018-16845)

  - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization     manipulation, potentially leading to a denial of service. The attacker requests a large amount of data     from a specified resource over multiple streams. They manipulate window size and stream priority to force     the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can     consume excess CPU, memory, or both. (CVE-2019-9511)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5859 advisory.

  - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in     nginx range filter module resulting into leak of potentially sensitive information triggered by specially     crafted request. (CVE-2017-7529)

  - nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an     attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in     worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it     is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used     in the configuration file. Further, the attack is only possible if an attacker is able to trigger     processing of a specially crafted mp4 file with the ngx_http_mp4_module. (CVE-2018-16845)

  - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization     manipulation, potentially leading to a denial of service. The attacker requests a large amount of data     from a specified resource over multiple streams. They manipulate window size and stream priority to force     the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can     consume excess CPU, memory, or both. (CVE-2019-9511)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.6. It is, therefore, affected by a vulnerability.

  - Nginx versions since 0.5.6 up to and including 1.13.2     are vulnerable to integer overflow vulnerability in     nginx range filter module resulting into leak of     potentially sensitive information triggered by specially     crafted request. (CVE-2017-7529)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the self-reported version in its response header, the version of nginx hosted on the remote web server is < 1.13.3. It is, therefore, affected by an integer overflow vulnerability

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its Server response header, the installed version of nginx is prior to 1.12.1 or 1.13.x prior to 1.13.3.
It is, therefore, affected by an integer overflow vulnerability in the range filter module. An unauthenticated, remote attacker can exploit this, via a specially crafted request to disclose potentially sensitive information.

This update for nginx to version 1.13.9 fixes the following issues :

  - CVE-2017-7529: nginx: Integer overflow in nginx range     filter module allowed memory disclosure (bsc#1048265)

This update also contains all updates and improvements in 1.13.9 upstream release.

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)

This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module.

See http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for nginx fixes the following issues :

  - CVE-2017-7529: A remote attacker could have used     specially crafted requests to trigger an integer     overflow the nginx range filter module to leak     potentially sensitive information (boo#1048265)

It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was vulnerability in the range filter of nginx, a web/proxy server. A specially crafted request might result in an integer overflow and incorrect processing of HTTP ranges, potentially resulting in a sensitive information leak.

For Debian 7 'Wheezy', this issue has been fixed in nginx version 1.2.1-2.2+wheezy4+deb7u1.

We recommend that you upgrade your nginx packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

Maxim Dounin reports :

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).

ID	Name	Product	Family	Severity
161695	Nginx Plus > R13 Data Disclosure Vulnerability	Nessus	Web Servers	high
140926	Oracle Linux 7 : olcne / nginx (ELSA-2020-5862)	Nessus	Oracle Linux Local Security Checks	high
140789	Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)	Nessus	Oracle Linux Local Security Checks	high
138072	Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.6 Vulnerability	Nessus	Palo Alto Local Security Checks	high
98967	Nginx < 1.12.1 Integer Overflow	Web App Scanning	Component Vulnerability	high
98966	Nginx < 1.13.3 Integer Overflow	Web App Scanning	Component Vulnerability	high
118151	nginx Data Disclosure Vulnerability	Nessus	Web Servers	high
108639	openSUSE Security Update : nginx (openSUSE-2018-316)	Nessus	SuSE Local Security Checks	high
103228	Amazon Linux AMI : nginx (ALAS-2017-894)	Nessus	Amazon Linux Local Security Checks	high
102720	Fedora 25 : 1:nginx (2017-c27a947af1)	Nessus	Fedora Local Security Checks	high
102719	Fedora 26 : 1:nginx (2017-aecd25b8a9)	Nessus	Fedora Local Security Checks	high
102057	openSUSE Security Update : nginx (openSUSE-2017-867)	Nessus	SuSE Local Security Checks	high
101546	Ubuntu 14.04 LTS / 16.04 LTS : nginx vulnerability (USN-3352-1)	Nessus	Ubuntu Local Security Checks	high
101535	Debian DLA-1024-1 : nginx security update	Nessus	Debian Local Security Checks	high
101490	Debian DSA-3908-1 : nginx - security update	Nessus	Debian Local Security Checks	high
101381	FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2017-7529

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high