FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 6001cfc6-9f0f-4fae-9b4f-9b8fae001425 | PowerDNS -- Insufficient validation in the HTTP remote backend
PowerDNS developers report:
An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers.
Discovery 2019-03-18
Entry 2019-03-19
powerdns
< 4.1.7
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
CVE-2019-3871
|