CVE-2019-3871 — Improper Input Validation in Authoritative Server
Severity
8.8 HIGH (NVD)
6.5 (CNA)
EPSS
0.0%
top 90.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 21
Latest update: May 14
Description
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Insufficient validation of data coming from the user when building an HTTP request from a DNS query in the HTTP Connector of the Remote backend allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Fedora 28, 29
Patches
Vulnerability Details (3)
GHSA
CVEList
Vendor Advisories (1)
Debian: CVE-2019-3871: pdns - A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and befo... (2019)
Community (3)
Bugzilla: CVE-2019-3871 pdns: insufficient validation of data when building a HTTP request from a DNS query [fedora-all] (2019-03-19)
Bugzilla: CVE-2019-3871 pdns: insufficient validation of data when building a HTTP request from a DNS query [epel-all] (2019-03-19)
Bugzilla: CVE-2019-3871 pdns: insufficient validation of data when building a HTTP request from a DNS query (2019-03-14)