Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts
Vulnerability Description
An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
PowerDNS Recursor 安全漏洞
Vulnerability Description
PowerDNS Recursor(pdns_recursor)是荷兰PowerDNS公司的一款域名解析服务器。 PowerDNS Recursor 5.0.10、5.1.4和5.2.2及以上版本存在安全漏洞,该漏洞源于ECS启用查询的欺骗尝试成功几率高于非ECS查询,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A