Denial of Service and Information Disclosure Risk in PowerDNS Authoritative Server
CVE-2019-3871
6.5 MEDIUM
Summary
A vulnerability exists in the PowerDNS Authoritative Server that allows a remote user to exploit insufficient validation of user data when constructing an HTTP request from a DNS query. This can lead to a Denial of Service (DoS) by forcing the server to connect to an invalid endpoint. Additionally, there is the possibility of information disclosure, where the server could unintentionally connect to an internal endpoint and expose sensitive response data.
Affected Version(s)
pdns 4.1.7
pdns 4.0.7
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved