Test ID:	1.3.6.1.4.1.25623.1.0.144214
Category:	General
Title:	PowerDNS Recursor < 4.1.17, 4.2.0 < 4.2.3, 4.3.0 < 4.3.2 Access Restriction Bypass Vulnerability
Summary:	PowerDNS Recursor is prone to an access restriction bypass vulnerability.
Description:	Summary: PowerDNS Recursor is prone to an access restriction bypass vulnerability. Vulnerability Insight: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. In the default configuration the API webserver is not enabled. Only installations using a non-default value for webserver and webserver-address are affected. Affected Software/OS: PowerDNS Recursor 4.1.16 and prior, 4.2.0 - 4.2.2 and 4.3.0 - 4.3.1. Solution: Update to version 4.1.17, 4.2.3, 4.3.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14196 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7TUNCUZNASYSTVD35QGFAI6XO2BFMQ2F/ SuSE Security Announcement: openSUSE-SU-2020:1005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html SuSE Security Announcement: openSUSE-SU-2020:1055 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00042.html SuSE Security Announcement: openSUSE-SU-2020:1101 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00044.html SuSE Security Announcement: openSUSE-SU-2020:1687 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.