GSA Bounty: Nginx misconfiguration leading to direct PHP source code download
PoC: https://www.data.gov/app/plugins/saml-20-single-sign-on/saml/config/config.php...
Low: nginx
Issue Overview: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially...
SUSE-SU-2017:2387-1 Security update for nginx-1.0
This update for NGINX fixes the following issues: Security issue fixed: - CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure (bsc#1048265)...
Low: Red Hat Security Advisory: rh-nginx110-nginx security update
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
nginx: Integer overflow in nginx range filter module leading to memory disclosure
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...
PT-2017-4158
Name of the Vulnerable Software and Affected Versions: NGINX versions prior to 1.13.6. Description: The issue is related to the autoindex module's incorrect handling of years exceeding four digits, which can cause an integer overflow. This can be triggered by a file with a modification date in the...
Fedora Update for nginx FEDORA-2017-aecd25b8a9
The remote host is missing an update for the...
Fedora Update for nginx FEDORA-2017-c27a947af1
The remote host is missing an update for the...
[SECURITY] Fedora 25 Update: nginx-1.12.1-1.fc25
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Fedora 25 : 1:nginx (2017-c27a947af1)
This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module. See http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529. Note that Tenable Network Security has extracted the preceding description block directly fro...
Fedora 26 : 1:nginx (2017-aecd25b8a9)
This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module. See http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529. Note that Tenable Network Security has extracted the preceding description block directly fro...
[SECURITY] Fedora 26 Update: nginx-1.12.1-1.fc26
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Integer Overflow
github.com/kubernetes/minikube is vulnerable to integer overflows. The library uses a vulnerable version of nginx ingress controller that can cause sensitive information to leak when handling a malicious request. This is related to CVE-2017-7529...
Wallarm at NGINX.conf
Wallarm is proud to be a gold sponsor of NGINX 2017. nginx.conf is an annual conference for technical professionals who are passionate about delivering better application and web performance. The event takes place on September 6–8 at the Nines Luxury Hotel in Portland, OR. Join us at the...
Nginx ngx_http_range_filter_module Integer Overflow (CVE-2017-7529)
An integer overflow vulnerability exists in Nginx. The vulnerability is due to insufficient validation of requested byte ranges...
openSUSE Security Update : nginx (openSUSE-2017-867)
This update for nginx fixes the following issues: - CVE-2017-7529: A remote attacker could have used specially crafted requests to trigger an integer overflow in the nginx range filter module to leak potentially sensitive information (boo#1048265)...
Updated nginx packages fix security vulnerability
A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529)...
MGASA-2017-0231 Updated nginx packages fix security vulnerability
A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529)...
Skype for business is also vulnerable to the autodiscovery issue
An issue in WPAD proxy automatic configuration was first discovered by Maxim Andreev back in 2015 at the MailRu group security meet-up and then was presented by Maxim Goncharov at BlackHat US 2016 slides. This year Ilya Nesterov and Maxim Goncharov presented a continuation of this research and...
CVE-2017-7529 Nginx integer overflow vulnerability analysis-vulnerability warning-the black bar safety net
1. Vulnerability description: The Nginx range filter contains an integer overflow vulnerability that can be triggered by a malicious request with a specially crafted Range HTTP header, leading to information leakage...