| Title | Nginx の range filter モジュールにおける整数オーバーフローの脆弱性 |
|---|---|
| Summary | Nginx の range filter モジュールには、整数オーバーフローの脆弱性が存在します。 |
| Possible impacts | 巧妙に細工されたリクエストによって、情報を取得される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | July 11, 2017, midnight |
| Registration Date | Aug. 17, 2017, 6:04 p.m. |
| Last Update | Aug. 17, 2017, 6:04 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Igor Sysoev |
| nginx |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2017年08月17日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. |
|---|---|
| Publication Date | July 13, 2017, 10:29 p.m. |
| Registration Date | Jan. 26, 2021, 1:28 p.m. |
| Last Update | Nov. 21, 2024, 12:32 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* | 0.5.6 | 1.12.1 | |||
| cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* | 1.13.0 | 1.13.2 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* | 2016.4.7 | ||||
| cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* | 2017.2.1 | 2017.2.3 | |||
| cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* | 2017.1.0 | 2017.1.1 | |||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:* | 13.0 | ||||