Description
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
Remediation
References
Related Vulnerabilities
WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)
Oracle Application Server CVE-2006-3711 Vulnerability (CVE-2006-3711)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35626)
WordPress Plugin WP Ajax Recent Posts 'number' Parameter Cross-Site Scripting (1.0.1)
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)