ID CVE-2021-31702 Type cve Reporter cve@mitre.org Modified 2021-06-09T16:53:00
Description
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.
{"id": "CVE-2021-31702", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-31702", "description": "Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.", "published": "2021-05-29T14:15:00", "modified": "2021-06-09T16:53:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31702", "reporter": "cve@mitre.org", "references": ["https://github.com/l00neyhacker/CVE-2021-31702"], "cvelist": ["CVE-2021-31702"], "immutableFields": [], "lastseen": "2022-03-23T18:07:35", "viewCount": 48, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["770EBACC-5973-5B56-8301-99FBCEE82E50"]}], "rev": 4}, "score": {"value": 0.4, "vector": "NONE"}, "twitter": {"counter": 5, "modified": "2021-05-30T07:26:27", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1399025405647101952", "text": " NEW: CVE-2021-31702 Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. Severity: [object Object] https://t.co/15gqXk8Lnv?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1399025405647101952", "text": " NEW: CVE-2021-31702 Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. Severity: [object Object] https://t.co/15gqXk8Lnv?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1399712556244160514", "text": " NEW: CVE-2021-31702 Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. Severity: [object Object] https://t.co/15gqXk8Lnv?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1399206602939437060", "text": " NEW: CVE-2021-31702 Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. Severity: [object Object] https://t.co/15gqXk8Lnv?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1399387795148443653", "text": " NEW: CVE-2021-31702 Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. Severity: [object Object] https://t.co/15gqXk8Lnv?amp=1"}]}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["770EBACC-5973-5B56-8301-99FBCEE82E50"]}]}, "exploitation": null, "vulnersScore": 0.4}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:frontiersoftware:ichris:5.18"], "cpe23": ["cpe:2.3:a:frontiersoftware:ichris:5.18:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "frontiersoftware:ichris", "version": "5.18", "operator": "le", "name": "frontiersoftware ichris"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:frontiersoftware:ichris:5.18:*:*:*:*:*:*:*", "versionEndIncluding": "5.18", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/l00neyhacker/CVE-2021-31702", "name": "https://github.com/l00neyhacker/CVE-2021-31702", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
