CVE-2017-7557
22.08.2017, 14:29
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| powerdns | dnsdist | 1.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dnsdist |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dnsdist |
|
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.