CVE-2017-7529 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak. When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain IP address of the backend server or other sensitive information. Besides, with 3rd party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of a worker process memory. No such modules are currently known though.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-346	nginx-mainline	1.13.2-1	1.13.3-1	High	Fixed
AVG-345	nginx	1.12.0-2	1.12.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Jul 2017	ASA-201707-12	AVG-346	nginx-mainline	High	information disclosure
12 Jul 2017	ASA-201707-11	AVG-345	nginx	High	information disclosure

References
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html https://nginx.org/download/patch.2017.ranges.txt