CVE-2020-21699

Name of the Vulnerable Software and Affected Versions Tengine version 2.2.2 Tengine versions 0.5.6 through 1.13.2

Description The web server is vulnerable to an integer overflow vulnerability in the nginx range filter module. This vulnerability results in the leakage of potentially sensitive information when triggered by specially crafted requests.

Recommendations For Tengine version 2.2.2, update to a version that is not based on the vulnerable Nginx range. For Tengine versions 0.5.6 through 1.13.2, consider disabling the nginx range filter module as a temporary workaround until a patch is available.