Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3602

Опубликовано: 13 окт. 2009
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*
Версия до 1.3.3 (включая)
cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.09:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 82%
0.01644
Низкий

7.5 High

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2009-3602

ubuntu
больше 16 лет назад

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

debian логотип

CVE-2009-3602

debian
больше 16 лет назад

Unbound before 1.3.4 does not properly verify signatures for NSEC3 rec ...

github логотип

GHSA-3xrf-3v7w-582w

github
почти 4 года назад

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

EPSS

Процентиль: 82%
0.01644
Низкий

7.5 High

CVSS2

Дефекты

CWE-310