CVE-2017-7529

HIGH LAB

nginx 0.5.6-1.13.2 - Integer Overflow in Range Filter Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 16 public exploits for CVE-2017-7529. PoCs published by en0f, liusec, Shehzadcyber.

AI-analyzed exploit summary This PoC exploits an integer overflow vulnerability in Nginx's range filter module (CVE-2017-7529) to leak potentially sensitive information. It crafts a malicious Range header to trigger the overflow and dumps leaked data in a hex format.

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

Exploits (16)

nomisec WORKING POC 19 stars
by en0f · poc
https://github.com/en0f/CVE-2017-7529_PoC

This PoC exploits an integer overflow vulnerability in Nginx's range filter module (CVE-2017-7529) to leak potentially sensitive information. It crafts a malicious Range header to trigger the overflow and dumps leaked data in a hex format.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Nginx versions 0.5.6 to 1.13.2
No auth needed
Prerequisites: Target Nginx server with vulnerable version · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 16 stars
by liusec · poc
https://github.com/liusec/CVE-2017-7529

This repository contains a PoC for CVE-2017-7529, an integer overflow vulnerability in Nginx's range filter module. The exploit sends a maliciously crafted Range header to leak sensitive information from cached responses.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx versions 0.5.6 to 1.13.2
No auth needed
Prerequisites: Nginx with proxy caching enabled · Access to a cached resource
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 10 stars
by Shehzadcyber · poc
https://github.com/Shehzadcyber/CVE-2017-7529

This PoC exploits an integer overflow vulnerability in Nginx's range filter module (CVE-2017-7529) to leak sensitive information via a specially crafted HTTP Range header. It checks for vulnerability and dumps leaked data in a hexdump format.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx versions 0.5.6 to 1.13.2
No auth needed
Prerequisites: Target running vulnerable Nginx version · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 9 stars
by gemboxteam · poc
https://github.com/gemboxteam/exploit-nginx-1.10.3

This PoC exploits an integer overflow vulnerability in Nginx 1.10.3 by sending a crafted Range header to trigger a buffer overflow. It checks for vulnerability by verifying the HTTP 206 response and Content-Range header.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Nginx 1.10.3
No auth needed
Prerequisites: Target running Nginx 1.10.3 · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by MaxSecurity · poc
https://github.com/MaxSecurity/CVE-2017-7529-POC

This PoC exploits an integer overflow vulnerability in Nginx's range filter module (CVE-2017-7529) to leak sensitive information, such as backend server IPs, by sending a specially crafted HTTP Range header. The script checks for vulnerability and dumps leaked data in a hexdump format.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx versions 0.5.6 to 1.13.2
No auth needed
Prerequisites: Nginx with default configuration and proxy caching enabled · Network access to the target Nginx server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by cyberharsh · poc
https://github.com/cyberharsh/nginx-CVE-2017-7529

This PoC exploits CVE-2017-7529, an out-of-bounds read vulnerability in Nginx's range header handling, allowing an attacker to read cached file headers and HTTP response headers by crafting malicious Range requests.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx (versions with vulnerable range handling)
No auth needed
Prerequisites: Nginx configured as a reverse proxy with caching enabled · Target URL accessible to the attacker
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by coolman6942o · poc
https://github.com/coolman6942o/-Exploit-CVE-2017-7529

This exploit targets CVE-2017-7529, an integer overflow vulnerability in Nginx's range filter module. It crafts a malicious Range header to trigger an information leak by bypassing intended content length restrictions.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx versions 0.5.6 to 1.13.2
No auth needed
Prerequisites: Target server running vulnerable Nginx version · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by insecrez · poc
https://github.com/insecrez/Remote-Integer-Overflow-Vulnerability

This repository contains a PoC for CVE-2017-7529, an integer overflow vulnerability in Nginx versions prior to 1.13 (excluding 1.12). The exploit leverages a malformed Range header to trigger an overflow, potentially leaking sensitive headers or IP addresses.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx < 1.13 (excluding 1.12)
No auth needed
Prerequisites: Target running vulnerable Nginx version · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by mo3zj · poc
https://github.com/mo3zj/Nginx-Remote-Integer-Overflow-Vulnerability

This PoC exploits an integer overflow vulnerability in Nginx (CVE-2017-7529) by sending a malformed Range header to trigger a buffer overflow. The script checks if the target is vulnerable by analyzing the response status code and headers.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Nginx (versions prior to 1.13.3 and 1.12.1)
No auth needed
Prerequisites: Target server running vulnerable Nginx version · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by portfolio10 · poc
https://github.com/portfolio10/nginx

This PoC exploits CVE-2017-7529, an integer overflow vulnerability in Nginx's range filter module, by sending a malformed Range header to trigger an information leak or denial of service. The script calculates an offset and crafts a Range header to exploit the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx (versions with vulnerable range filter module)
No auth needed
Prerequisites: Target Nginx server with vulnerable range filter module · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by youngmin0104 · poc
https://github.com/youngmin0104/CVE-2017-7529-

This repository contains a working PoC for CVE-2017-7529, an integer overflow vulnerability in Nginx 1.13.2 and earlier. The exploit leverages malformed Range headers to trigger an information leak, potentially exposing sensitive data from memory.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx <= 1.13.2
No auth needed
Prerequisites: Network access to vulnerable Nginx server · Python with requests library
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Fenil2511 · poc
https://github.com/Fenil2511/CVE-2017-7529-POC

This PoC exploits CVE-2017-7529, an integer overflow vulnerability in Nginx 1.13.2, by sending a crafted Range header to trigger a buffer overflow. It checks for vulnerability by analyzing the server's response for specific headers and status codes.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Nginx 1.13.2
No auth needed
Prerequisites: Target server running vulnerable Nginx version · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by fu2x2000 · poc
https://github.com/fu2x2000/CVE-2017-7529-Nginx---Remote-Integer-Overflow-Exploit

This PoC exploits CVE-2017-7529, an integer overflow vulnerability in Nginx's range filter module. It sends a crafted Range header to trigger the vulnerability and checks for a 206 Partial Content response with a Content-Range header to confirm exploitation.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Nginx versions 0.5.6 to 1.13.2
No auth needed
Prerequisites: Target server running vulnerable Nginx version · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by cved-sources · poc
https://github.com/cved-sources/cve-2017-7529

This repository contains a minimal Docker setup script for CVE-2017-7529, an integer overflow in Nginx's range filter module, but lacks actual exploit code. It only restarts services and keeps the container running.

Classification
Stub 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Nginx 1.13.2 and earlier
No auth needed
Prerequisites: Docker environment · Vulnerable Nginx version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER
by daehee · poc
https://github.com/daehee/nginx-overflow

This Go-based scanner checks for CVE-2017-7529, an integer overflow vulnerability in nginx's range filter module. It sends crafted Range headers to detect if the target is vulnerable by analyzing HTTP 206 responses and Content-Range headers.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: nginx (versions with vulnerable range filter module)
No auth needed
Prerequisites: Target must be running a vulnerable version of nginx · Target must expose HTTP/HTTPS service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by cyberk1w1 · poc
https://github.com/cyberk1w1/CVE-2017-7529

This exploit targets an integer overflow vulnerability in NGiNX 1.6.2 by manipulating the 'Range' header to trigger a buffer overflow. It checks for vulnerability by sending a crafted HTTP request and verifying the response.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: NGiNX 1.6.2
No auth needed
Prerequisites: Target server running NGiNX 1.6.2 · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory mailing-list x_refsource_mlist
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2538
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99534
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039238
Third Party Advisory x_refsource_confirm
https://puppet.com/security/cve/cve-2017-7529
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212818
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/36

Scores

CVSS v3 7.5
EPSS 0.6260
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull nginx:1.13.1
docker pull vulhub/nginx:1.13.2
docker pull nginx:1.12
+13 more repos

Details

CWE
CWE-190
Status published
Products (4)
apple/xcode < 13.0
f5/nginx 0.5.6 - 1.12.1
nginx/nginx 0.5.6 - 1.13.2
puppet/puppet_enterprise < 2016.4.7
Published Jul 13, 2017
Tracked Since Feb 18, 2026