QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3871

Published: Mar 21, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

Vendor	Product	Versions
The PowerDNS Project	pdns	affected `4.1.7` affected `4.0.7`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

References

[oss-security] 20190318 PowerDNS Security Advisory 2019-03

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871

x_refsource_CONFIRM

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html

x_refsource_MISC

vdb-entry

x_refsource_BID

FEDORA-2019-b85d4171d4

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-9993d32c48

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update

mailing-list

x_refsource_MLIST

openSUSE-SU-2019:1128

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_DEBIAN

20190404 [SECURITY] [DSA 4424-1] pdns security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.