Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3871

Опубликовано: 21 мар. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 6.5
CVSS3: 6.5

Описание

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

4.1.6-3build1
disco

ignored

end of life
eoan

not-affected

4.1.6-3build1
esm-apps/bionic

needed

esm-apps/focal

not-affected

4.1.6-3build1
esm-apps/jammy

not-affected

4.1.6-3build1
esm-apps/noble

not-affected

4.1.6-3build1
esm-apps/xenial

needed

Показывать по

Ссылки на источники

6.5 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-3871

CVSS3: 6.5
nvd
почти 7 лет назад

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

debian логотип

CVE-2019-3871

CVSS3: 6.5
debian
почти 7 лет назад

A vulnerability was found in PowerDNS Authoritative Server before 4.0. ...

suse-cvrf логотип

openSUSE-SU-2019:1128-1

suse-cvrf
почти 7 лет назад

Security update for pdns

github логотип

GHSA-mg3r-wf83-7hqh

CVSS3: 8.8
github
больше 3 лет назад

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

fstec логотип

BDU:2019-01943

CVSS3: 8.8
fstec
почти 7 лет назад

Уязвимость компонента «Authoritative Server» DNS-сервера PowerDNS, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

6.5 Medium

CVSS2

6.5 Medium

CVSS3