Описание
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
Ссылки
- ProductThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- ProductThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00358
Низкий
7.5 High
CVSS3
Дефекты
CWE-444
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
EPSS
Процентиль: 58%
0.00358
Низкий
7.5 High
CVSS3
Дефекты
CWE-444