CVE-2017-7529

CVE Database · CVE-2017-7529

CVE-2017-7529

· HIGHModified

CVSS v3.1

7.5

EPSS

62.60%

Published

Jul 13, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-190CWE-190

Affected Products (6)

f5 · nginxvulnerable

puppet · puppet_enterprise (up to 2016.4.7)vulnerable

puppet · puppet_enterprisevulnerable

apple · xcode (up to 13.0)vulnerable

References (14)

http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Vendor Advisory

http://seclists.org/fulldisclosure/2021/Sep/36

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/99534

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039238

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2538

Third Party Advisory

https://puppet.com/security/cve/cve-2017-7529

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs