[NGINX:CVE-2016-0747] Insufficient limits of CNAME resolution in resolver
Severity
Medium
Affected Packages
1
Unaffected Packages
2
CVEs
1
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 0.6.18, <= 1.9.9 |
Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.9.10 |
pkg:nginx/nginx | >= 1.8.1 |
- ID
- NGINX:CVE-2016-0747
- Severity
- medium
- Published
-
2016-02-15T19:59:02
(8 years ago) - Modified
-
2016-02-15T19:59:02
(8 years ago) - Rights
- NGINX Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |