9 matches found
Astra Linux - уязвимость в python-kdcproxy
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
RHEL 8 : idm:DL1 (RHSA-2025:21820)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21820 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...
python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
Important: Red Hat Security Advisory: python-kdcproxy security update
An update for python-kdcproxy is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
CVE-2025-59088
CVE-2025-59088 (python-kdcproxy) is an SSRF issue in kdcproxy where, if a realm lacks defined server addresses, the service queries DNS SRV records for that realm, potentially directing requests to attacker-controlled hosts/ports. The vulnerability is triggered when use_dns is enabled; an attacke...
CVE-2025-59088 Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
EUVD-2018-0081
Malware in sbrugna...