VDB
CVE-2017-15091
CVE-2017-15091
PUBLISHED
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
EPSS 0.00% · 0.1th percentile
Risk Scores
EPSS Score
0.00%
0.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | pdns | 3.4.5-1build2, 3.4.6-3, 3.4.7-1 |
Timeline
- Jan 23, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-15091 third-party-advisory
- https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html third-party-advisory
- https://downloads.powerdns.com/patches/2017-04/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-15091 third-party-advisory