Candidate: CVE-2017-7557
PublicDate: 2017-08-22 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7557
 https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
 https://downloads.powerdns.com/patches/2017-02
Description:
 dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism
 for REST API potentially allowing CSRF attack.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872854
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_dnsdist:
upstream_dnsdist: released (1.2.0-1)
precise/esm_dnsdist: DNE
trusty_dnsdist: DNE
trusty/esm_dnsdist: DNE
vivid/ubuntu-core_dnsdist: DNE
xenial_dnsdist: ignored (end of standard support, was needed)
zesty_dnsdist: ignored (reached end-of-life)
artful_dnsdist: not-affected (1.2.0-1)
bionic_dnsdist: not-affected (1.2.0-1)
cosmic_dnsdist: not-affected (1.2.0-1)
disco_dnsdist: not-affected (1.2.0-1)
eoan_dnsdist: not-affected (1.2.0-1)
focal_dnsdist: not-affected (1.2.0-1)
groovy_dnsdist: not-affected (1.2.0-1)
hirsute_dnsdist: not-affected (1.2.0-1)
impish_dnsdist: not-affected (1.2.0-1)
jammy_dnsdist: not-affected (1.2.0-1)
devel_dnsdist: not-affected (1.2.0-1)