8 matches found
EUVD-2026-36489
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...
Netty has Insufficient Bailiwick Validation for NS Records
Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...
Amplification Attacks
PowerDNS Recursor is vulnerable toamplification attacks. It does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafte...
Design/Logic Flaw
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...
Who Needs a Botnet when you have a 4 Gbps DDoS Cannon?
In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks, perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just...
Who Needs a Botnet when you have a 4 Gbps DDoS Cannon?
In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks, perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just...
Cautious Optimism over Google DNSSEC Deployment
Google’s announcement that its Google Public DNS resolution service now supports DNSSEC is being applauded, but experts caution that despite Google’s high profile, this only puts a slight dent in a larger issue. “I think it’s great that Google is getting involved and supporting validation for...