CVE-2016-0747

EPSS 35.5%
Published 15.02.2016 19:59:02
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Nginx Version >= 0.6.18 < 1.8.1

F5 ≫ Nginx Version >= 1.9.0 < 1.9.10

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.10

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Opensuse ≫ Leap Version42.1

Apple ≫ XCode Version < 13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	35.5%	0.969

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html

Third Party Advisory

Mailing List

http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html

Vendor Advisory

http://seclists.org/fulldisclosure/2021/Sep/36

Third Party Advisory

Mailing List

http://www.debian.org/security/2016/dsa-3473

Third Party Advisory

http://www.securitytracker.com/id/1034869

Third Party Advisory