5.3
CVE-2016-0747
- EPSS 8.43%
- Veröffentlicht 15.02.2016 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.10
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.43% | 0.943 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
http://seclists.org/fulldisclosure/2021/Sep/36
http://www.debian.org/security/2016/dsa-3473
http://www.securitytracker.com/id/1034869
http://www.ubuntu.com/usn/USN-2892-1
https://access.redhat.com/errata/RHSA-2016:1425
https://bto.bluecoat.com/security-advisory/sa115
https://security.gentoo.org/glsa/201606-06
https://support.apple.com/kb/HT212818
https://bugzilla.redhat.com/show_bug.cgi?id=1302589