|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-03-06 | |
| Rule Name: | Nginx Integer Overflow Vulnerability (CVE-2017-20005) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | |
| Impact: | An attacker can exploit the affected software with a integer overflow vulnerability. Successful exploit leads to execute arbitrary code, and failed exploit may disturb the software logic and cause denial of service. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://security.netapp.com/advisory/ntap-20210805-0006/ http://nginx.org/en/CHANGES https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html https://trac.nginx.org/nginx/ticket/1368 |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://support.f5.com/csp/home |