PowerDNS Authoritative におけるセキュリティチェックに関する脆弱性
| Title |
PowerDNS Authoritative におけるセキュリティチェックに関する脆弱性
|
| Summary |
PowerDNS Authoritative には、キュリティチェックに関する脆弱性が存在します。
|
| Possible impacts |
情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Nov. 27, 2017, midnight |
| Registration Date |
March 5, 2018, 3:47 p.m. |
| Last Update |
March 5, 2018, 3:47 p.m. |
|
CVSS3.0 : 重要
|
| Score |
7.1
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
|
CVSS2.0 : 警告
|
| Score |
5.5
|
| Vector |
AV:N/AC:L/Au:S/C:N/I:P/A:P |
Affected System
| PowerDNS |
|
PowerDNS Authoritative Server 3.4.11 までの 3.x
|
|
PowerDNS Authoritative Server 4.0.4 までの 4.x
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年03月05日]
掲載 |
March 5, 2018, 3:47 p.m. |
NVD Vulnerability Information
CVE-2017-15091
| Summary |
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
|
| Publication Date |
Jan. 24, 2018, 12:29 a.m. |
| Registration Date |
Jan. 26, 2021, 1:16 p.m. |
| Last Update |
Nov. 21, 2024, 12:14 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:* |
4.0.0 |
4.0.4 |
|
|
| cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:* |
3.0 |
3.4.11 |
|
|
Related information, measures and tools
Common Vulnerabilities List