Summary
The 'nginx' program is prone to a vulnerability that may allow attackers to spoof domains because the software fails to properly compare domains when referencing an internal DNS cache.
This issue can be exploited when nginx is configured to act as a forward proxy, but this is a nonstandard and unsupported configuration. Attacks against other configurations may also be possible.
Successful exploits may allow remote attackers to intercept traffic intended for legitimate websites, which may aid in further attacks.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- Acritum Femitter Server URI Directory Traversal Vulnerability
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- IBM WebSphere Application Multiple Vulnerabilities Jul-11
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability