CVE-2017-7557 — Improper Authentication in HAT INC Dnsdist

CWE-287 — Improper Authentication CWE-352 — Cross-Site Request Forgery9 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 99.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Dnsdist RED HAT INC Dnsdist

Timeline

PublishedAug 22

Latest updateMay 13

Description

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Debianpowerdns/dnsdist< 1.2.0-1+3

▶NVDpowerdns/dnsdist1.1.0

▶CVEListV5red_hat_inc/dnsdist1.1.0

Patches

Patch: dnsdist.org ↗Patch: dnsdist.org ↗

🔴Vulnerability Details

GHSA

GHSA-337m-69vh-g93q: dnsdist version 1↗2022-05-13

▶

OSV

CVE-2017-7557: dnsdist version 1↗2017-08-22

▶

CVEList

CVE-2017-7557: dnsdist version 1↗2017-08-22

▶

📋Vendor Advisories

Debian

CVE-2017-7557: dnsdist - dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for RE...↗2017

▶

💬Community

Bugzilla

CVE-2017-7557 dnsdist: Alteration of ACLs via API authentication bypass↗2017-08-22

▶

Bugzilla

CVE-2016-7069 CVE-2017-7557 dnsdist: various flaws [epel-7]↗2017-08-22

▶

Bugzilla

CVE-2016-7069 CVE-2017-7557 dnsdist: various flaws [fedora-all]↗2017-08-22

▶

Bugzilla

CVE-2017-9772 ocaml: Insufficient sanitisation allows privilege escalation for setuid binaries↗2017-06-26

▶