Lucene search

MitreCVE-2020-21699

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2020-21699

2023-08-2219:16:15

CWE-190

mitre

web.nvd.nist.gov

cve-2020-21699

tengine

nginx

integer overflow

vulnerability

information leakage

web server

security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.

Affected configurations

Nvd

Node

alibabatengineMatch2.2.2nginx

VendorProductVersionCPE
alibabatengine2.2.2cpe:2.3:a:alibaba:tengine:2.2.2:*:*:*:*:nginx:*:*

Vendor	Product	Version	CPE
alibaba	tengine	2.2.2	cpe:2.3:a:alibaba:tengine:2.2.2:::::nginx::

References

github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6%28Tengine%29.docx

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

Related for CVE-2020-21699