Detections
Analytics
nginx Data Disclosure Vulnerability
high Nessus Plugin ID 118151
Language:
Synopsis
The remote web server is affected by a data disclosure vulnerability.Description
According to its Server response header, the installed version of nginx is prior to 1.12.1 or 1.13.x prior to 1.13.3.It is, therefore, affected by an integer overflow vulnerability in the range filter module. An unauthenticated, remote attacker can exploit this, via a specially crafted request to disclose potentially sensitive information.
Solution
Either apply the patch manually or upgrade to nginx 1.12.1 / 1.13.3 or later.See Also
http://nginx.org/en/security_advisories.html
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Plugin Details
Severity: High
ID: 118151
File Name: nginx_1_13_3.nasl
Version: 1.8
Type: combined
Agent: unix
Family: Web Servers
Published: 10/16/2018
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2017-7529
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:nginx:nginx
Required KB Items: installed_sw/nginx
Exploit Ease: No known exploits are available
Patch Publication Date: 7/22/2017
Vulnerability Publication Date: 7/11/2017
Reference Information
CVE: CVE-2017-7529
BID: 103938