Описание
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.9.10-0ubuntu1 |
| esm-infra-legacy/trusty | released | 1.4.6-1ubuntu3.4 |
| esm-infra/xenial | released | 1.9.10-0ubuntu1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 1.4.6-1ubuntu3.4 |
| trusty/esm | released | 1.4.6-1ubuntu3.4 |
| upstream | released | 1.9.10-1, 1.9.10, 1.8.1 |
| vivid | ignored | end of life |
| vivid/stable-phone-overlay | DNE |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ...
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3