CVE-2019-3871

MEDIUM

PowerDNS Authoritative Server < 4.0.7 and < 4.1.7 - Denial of Service via HTTP Connector Remote Backend

Title source: llm

Description

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Insufficient validation of user-supplied data when building an HTTP request from a DNS query in the HTTP Connector of the Remote backend allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response.

References (10)

Core References
Exploit, Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/03/18/4
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107491
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4424
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Apr/8

Scores

CVSS v3 6.5
EPSS 0.1286
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

CWE
CWE-20
Status published
Products (3)
fedoraproject/fedora 28
fedoraproject/fedora 29
powerdns/authoritative_server < 4.0.7
Published Mar 21, 2019
Tracked Since Feb 18, 2026