CVE-2017-7529: Nginx sensitive information disclosure vulnerability – Penetration Testing

On July 11, 2017, Nginx officially released a security bulletin for CVE-2017-7529. A security problem was found in the Nginx range filter: a carefully constructed malicious request may lead to an integer overflow and incorrect handling of ranges, resulting in sensitive information leakage.

Vulnerability number:

CVE-2017-7529

Vulnerability Name:

Nginx sensitive information disclosure

Impact:

High risk

Vulnerability Description:

When Nginx is used with its standard modules, the flaw allows an attacker to obtain the cache file header when a response is returned from the cache. In some configurations, the cached file header may contain the IP address of the backend server or other sensitive information, resulting in information disclosure.

Remote/Local:

Remote

Affected Version:

Nginx 0.5.6 – 1.13.2.

How to fix

• Upgrade to Nginx 1.13.3 or 1.12.1.
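The affected range and fixed releases listed above, turned into a version check. This is an added example, not part of the original advisory; the function names, host names and banner strings are constructed for illustration.

```python
import re

# Version boundaries as stated in the advisory above.
FIRST_AFFECTED = (0, 5, 6)
FIXED_MAINLINE = (1, 13, 3)
FIXED_STABLE = (1, 12, 1)

_BANNER = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output or a Server header."""
    m = _BANNER.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(banner):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown' for one banner."""
    v = parse_version(banner)
    if v is None:
        return "unknown"  # e.g. `server_tokens off` hides the version
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v >= FIXED_MAINLINE:
        return "fixed"
    # 1.12.1 sorts below 1.13.2, so a plain range comparison would flag it.
    if v[:2] == FIXED_STABLE[:2] and v >= FIXED_STABLE:
        return "fixed"
    return "affected"


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = {
    "web-01": "nginx version: nginx/1.13.2",
    "web-02": "Server: nginx/1.12.1",
    "web-03": "Server: nginx/1.10.3 (Ubuntu)",
    "web-04": "nginx version: nginx/1.13.3",
    "web-05": "Server: nginx",
}


def audit(inventory):
    """Map each host to the classification of its banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A distribution package may carry a backported fix under an older upstream version number, so an "affected" result should be confirmed against the package vendor's own advisory.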

The post CVE-2017-7529: Nginx sensitive information disclosure vulnerability appeared first on Penetration Testing.
