PT-2017-4102 · Nginx+4
Published: 2017-07-11 · Updated: 2026-04-21
CVE-2017-7529
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nginx versions 0.5.6 through 1.13.2
PAN-OS versions prior to 7.1.26
PAN-OS versions prior to 8.1.13
PAN-OS versions prior to 9.0.6
PAN-OS 8.0 (all versions)
Description
An integer overflow in the nginx range filter module allows a remote attacker to send a specially crafted request that may leak sensitive information. If the response was returned from cache, the cache file header can also be leaked.
Recommendations
For Nginx versions 0.5.6 through 1.13.2, update to version 1.21.0 or later.
For PAN-OS versions prior to 7.1.26, update to version 7.1.26 or later.
For PAN-OS versions prior to 8.1.13, update to version 8.1.13 or later.
For PAN-OS versions prior to 9.0.6, update to version 9.0.6 or later.
For PAN-OS 8.0, consider upgrading to a later version of PAN-OS that is not affected by this vulnerability.
Exploit
Fix
Integer Overflow
Affected Products
Alt Linux
Apple macOS
Nginx
PAN-OS
Ubuntu