Approved changes feed: RSS · Atom

cpe:2.3:a:powerdns:powerdns_authoritative:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPowerdns (ef825119-8390-5906-a637-f6692acc90eb)
ProductPowerdns Authoritative (65a31f90-243a-574e-8447-4dd0dcdfd0eb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-15091 vulnerable 2026-06-08 05:08:57.829537 Details available
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-08-05T19:50:14.942Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.