PT-2016-4400 · Nginx+3 · Nginx+3

Martin Prpič

Publicado

2016-01-26

Atualizado

2024-06-15

CVE-2016-0747

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions nginx versions 1.8.0 through 1.8.1 nginx versions 1.9.x through 1.9.10

Description The issue is related to the resolver in nginx not properly limiting CNAME resolution. This allows remote attackers to cause a denial of service by consuming worker process resources via vectors related to arbitrary name resolution.

Recommendations For nginx versions 1.8.0 through 1.8.1, update to version 1.8.1 or later to resolve the issue. For nginx versions 1.9.x through 1.9.10, update to version 1.9.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the resolver to minimize the risk of exploitation.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2016-1070

CVE-2016-0747

DSA-3473-1

MGASA-2016-0065

OPENSUSE-SU-2024:10044-1

RHSA-2016:1425

SUSE-SU-2016:1232-1

USN-2892-1

Produtos afetados

Alt Linux

Apple Macos

Nginx

Ubuntu

PT-2016-4400 · Nginx+3 · Nginx+3

CVE-2016-0747

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58