[NGINX:CVE-2016-0747] Insufficient limits of CNAME resolution in resolver
Severity
Medium
Affected Packages
1
Unaffected Packages
2
CVEs
1
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
| Package | Affected Version |
|---|---|
 pkg:nginx/nginx
|
>= 0.6.18, <= 1.9.9 |
| Package | Unaffected Version |
|---|---|
|
pkg:nginx/nginx
|
>= 1.9.10 |
|
pkg:nginx/nginx
|
>= 1.8.1 |
- ID
- NGINX:CVE-2016-0747
- Severity
- medium
- Published
-
2016-02-15T19:59:02
(8 years ago) - Modified
-
2016-02-15T19:59:02
(8 years ago) - Rights
- NGINX Security Team
- Other Advisories
ALAS-2016-655
DSA-3473-1
FEDORA-2016-bf03932bb3
FREEBSD:C1C18EE1-C711-11E5-96D6-14DAE9D210B8
GLSA-201606-06
SUSE-SU-2016:1232-1
USN-2892-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |