CVE-2019-3871

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html
http://www.openwall.com/lists/oss-security/2019/03/18/4 Exploit Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/107491 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871 Exploit Issue Tracking Patch Third Party Advisory
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/
https://seclists.org/bugtraq/2019/Apr/8
https://www.debian.org/security/2019/dsa-4424
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html
http://www.openwall.com/lists/oss-security/2019/03/18/4 Exploit Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/107491 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871 Exploit Issue Tracking Patch Third Party Advisory
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/
https://seclists.org/bugtraq/2019/Apr/8
https://www.debian.org/security/2019/dsa-4424
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

History

21 Nov 2024, 04:42

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 6.5
References () http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html - () http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html -
References () http://www.openwall.com/lists/oss-security/2019/03/18/4 - Exploit, Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2019/03/18/4 - Exploit, Mailing List, Patch, Third Party Advisory
References () http://www.securityfocus.com/bid/107491 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/107491 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871 - Exploit, Issue Tracking, Patch, Third Party Advisory
References () https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html - Vendor Advisory () https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html - Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html - () https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/ -
References () https://seclists.org/bugtraq/2019/Apr/8 - () https://seclists.org/bugtraq/2019/Apr/8 -
References () https://www.debian.org/security/2019/dsa-4424 - () https://www.debian.org/security/2019/dsa-4424 -

07 Nov 2023, 03:10

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/', 'name': 'FEDORA-2019-b85d4171d4', 'tags': ['Mailing List', 'Release Notes', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/', 'name': 'FEDORA-2019-9993d32c48', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/ -

Information

Published : 2019-03-21 21:29

Updated : 2024-11-21 04:42


NVD link : CVE-2019-3871

Mitre link : CVE-2019-3871

CVE.ORG link : CVE-2019-3871


JSON object : View

Products Affected

fedoraproject

  • fedora

powerdns

  • authoritative_server
CWE
CWE-20

Improper Input Validation