CVE-2016-0747
15.02.2016, 19:59
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.Enginsight
Vendor | Product | Version |
---|---|---|
f5 | nginx | 0.6.18 ≤ 𝑥 < 1.8.1 |
f5 | nginx | 1.9.0 ≤ 𝑥 < 1.9.10 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 15.10 |
debian | debian_linux | 7.0 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
opensuse | leap | 42.1 |
opensuse | leap | 42.1 |
apple | xcode | 𝑥 < 13.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References