Lucene search

[email protected]NVD:CVE-2019-3871

HistoryMar 21, 2019 - 9:29 p.m.

CVE-2019-3871

2019-03-2121:29:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.016

Percentile

87.9%

JSON

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

Affected configurations

Nvd

Node

powerdnsauthoritative_serverRange<4.0.7

powerdnsauthoritative_serverRange4.1.0–4.1.7

Node

fedoraprojectfedoraMatch28

fedoraprojectfedoraMatch29

VendorProductVersionCPE
powerdnsauthoritative_server*cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*
fedoraprojectfedora28cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
fedoraprojectfedora29cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
powerdns	authoritative_server	*	cpe:2.3:a:powerdns:authoritative_server::::::::
fedoraproject	fedora	28	cpe:2.3:o:fedoraproject:fedora:28:::::::*
fedoraproject	fedora	29	cpe:2.3:o:fedoraproject:fedora:29:::::::*