CVE-1999-0532

DNS Server - SSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-1999-0532. PoCs published by websecnl, Rodney-O-C-Melby, SleepTheGod, including Metasploit module auxiliary/gather/enum_dns.

AI-analyzed exploit summary This repository contains a Python script that scans for DNS zone transfer vulnerabilities (CVE-1999-0532) by querying a remote API with domain names from a list. It checks for unrestricted DNS zone transfers and logs vulnerable targets.

Description

A DNS server allows zone transfers.

Exploits (4)

nomisec SCANNER 4 stars
by websecnl · poc
https://github.com/websecnl/Bulk_CVE-1999-0532_Scanner

This repository contains a Python script that scans for DNS zone transfer vulnerabilities (CVE-1999-0532) by querying a remote API with domain names from a list. It checks for unrestricted DNS zone transfers and logs vulnerable targets.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: DNS servers with misconfigured zone transfers
No auth needed
Prerequisites: List of domain names in a text file (domains.txt) · Access to a remote API for DNS zone transfer checks
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER 3 stars
by Rodney-O-C-Melby · poc
https://github.com/Rodney-O-C-Melby/dns-zone-transfer-test

This repository contains a DNS zone transfer testing tool that automates the discovery of nameservers and checks for zone transfer vulnerabilities. It does not exploit a specific CVE but scans for misconfigured DNS servers allowing unauthorized zone transfers.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: DNS servers (BIND, Microsoft DNS, etc.)
No auth needed
Prerequisites: Network access to target DNS server · DNS server allowing AXFR requests
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by SleepTheGod · poc
https://github.com/SleepTheGod/dns-zone-audit

This repository contains a functional Bash script that tests for DNS zone transfer misconfigurations (AXFR) by querying authoritative name servers, which is associated with CVE-1999-0532. The script automates the discovery of name servers and attempts zone transfers, providing clear output on success or failure.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: DNS servers with misconfigured zone transfers
No auth needed
Prerequisites: dig (dnsutils or bind-utils) · authoritative name servers allowing AXFR
devstral-2 · analyzed Apr 10, 2026 Full analysis →
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/enum_dns.rb

This Metasploit module performs DNS enumeration and information gathering by querying various DNS record types (AXFR, A, CNAME, MX, NS, SOA, TXT, SRV) and optionally brute-forcing subdomains. It does not contain offensive techniques like reverse shells or command injection.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: DNS servers
No auth needed
Prerequisites: Valid domain name · Access to a DNS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Various Sources x_refsource_misc
https://www.cve.org/CVERecord?id=CVE-1999-0532

Scores

EPSS 0.7295
EPSS Percentile 98.8%

Details

Status published
Published Jul 01, 1997
Tracked Since Feb 18, 2026