[3.9] pdns: Insufficient validation in the HTTP remote backend (CVE-2019-3871)
ID: oval:org.secpod.oval:def:1801347 | Date: (C)2019-06-21 (M)2023-11-10 |
Class: PATCH | Family: unix |
An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers.
Affects: PowerDNS Authoritative up to and including 4.1.6
Not affected: 4.1.7, 4.0.7
Platform: Alpine Linux 3.9 |