vulnerability
Nginx: Insufficient limits of CNAME resolution in resolver (CVE-2016-0747)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 29, 2016 | Jan 29, 2016 | Nov 27, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jan 29, 2016
Added
Jan 29, 2016
Modified
Nov 27, 2024
Description
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
Solution(s)
nginx-nginx-upgrade-1_8_1nginx-nginx-upgrade-1_9_10

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.