Home

CVE-2016-0747

Description

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
33.182

Associated Vulnerability

VulnerabilityOS Platform
Update Nginx to 9.1.19Windows
Update Nginx to 9.1.5Windows
Update Nginx to 9.1.8Windows
Update Nginx to 9.2.14Windows
Update Nginx to 9.2.19Windows
Update Nginx to 9.2.3Windows
Update Nginx to 9.2.7Windows
Update Nginx to 9.3.10Windows
Update Nginx to 9.3.15Windows
Update Nginx to 9.3.17Windows
small, powerful, scalable web/proxy server (USN-2351-1) nginx-core_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-core_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-full_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-full_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-light_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-light_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-naxsi_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-naxsi_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-extras_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2351-1) nginx-extras_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-core_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-core_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-core_1.9.3-1ubuntu1.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-core_1.9.3-1ubuntu1.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-full_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-full_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-full_1.9.3-1ubuntu1.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-full_1.9.3-1ubuntu1.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-light_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-light_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-light_1.9.3-1ubuntu1.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-light_1.9.3-1ubuntu1.1_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-extras_1.4.6-1ubuntu3.4_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-extras_1.4.6-1ubuntu3.4_amd64.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-extras_1.9.3-1ubuntu1.1_i386.debLinux
small, powerful, scalable web/proxy server (USN-2892-1) nginx-extras_1.9.3-1ubuntu1.1_amd64.debLinux
Update Nginx to 9.1.19 (For Linux)Linux
Update Nginx to 9.1.5 (For Linux)Linux
Update Nginx to 9.1.8 (For Linux)Linux
Update Nginx to 9.2.14 (For Linux)Linux
Update Nginx to 9.2.19 (For Linux)Linux
Update Nginx to 9.2.3 (For Linux)Linux
Update Nginx to 9.2.7 (For Linux)Linux
Update Nginx to 9.3.10 (For Linux)Linux
Update Nginx to 9.3.15 (For Linux)Linux
Update Nginx to 9.3.17 (For Linux)Linux
Uncontrolled Resource Consumption Vulnerability (CVE-2016-0747)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234