CVE-2019-3871 — MEDIUM (6.5)

Q: How severe is CVE-2019-3871?

CVE-2019-3871 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3871?

Check the references section above for vendor advisories and patch information. Affected products include: Powerdns Authoritative Server, Fedoraproject Fedora.

Vulnerability Description

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Powerdns	Authoritative Server	< 4.0.7
Fedoraproject	Fedora	28

Related Weaknesses (CWE)

CWE-20

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html
http://www.openwall.com/lists/oss-security/2019/03/18/4ExploitMailing ListPatch
http://www.securityfocus.com/bid/107491Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871ExploitIssue TrackingPatch
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-201Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://seclists.org/bugtraq/2019/Apr/8
https://www.debian.org/security/2019/dsa-4424
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html
http://www.openwall.com/lists/oss-security/2019/03/18/4ExploitMailing ListPatch
http://www.securityfocus.com/bid/107491Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871ExploitIssue TrackingPatch
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-201Vendor Advisory

FAQ

What is CVE-2019-3871?

CVE-2019-3871 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the H...

How severe is CVE-2019-3871?

CVE-2019-3871 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3871?

Check the references section above for vendor advisories and patch information. Affected products include: Powerdns Authoritative Server, Fedoraproject Fedora.