JVNDB-2013-000087
Vulnerability from jvndb - Published: 2013-09-19 13:29 - Updated:2014-08-28 18:10Summary
Multiple broadband routers may behave as open resolvers
Details
Multiple broadband routers contain an issue where they may behave as open resolvers.
A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver.
Multiple broadband routers may contain an issue where they may behave as open resolvers.
This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC.
In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000087.html",
"dc:date": "2014-08-28T18:10+09:00",
"dcterms:issued": "2013-09-19T13:29+09:00",
"dcterms:modified": "2014-08-28T18:10+09:00",
"description": "Multiple broadband routers contain an issue where they may behave as open resolvers.\r\n\r\nA device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver.\r\nMultiple broadband routers may contain an issue where they may behave as open resolvers.\r\n\r\nThis issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC.\r\nIn addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000087.html",
"sec:cpe": {
"#text": "cpe:/a:misc:multiple_vendors",
"@product": "(Multiple Products)",
"@vendor": "(Multiple Venders)",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000087",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN62507275/",
"@id": "JVN#62507275",
"@source": "JVN"
},
{
"#text": "http://www.jpcert.or.jp/at/2013/at130022.html",
"@id": "DDoS attacks using recursive DNS requests",
"@source": "JPCERT-WR"
},
{
"#text": "https://www.us-cert.gov/ncas/alerts/TA13-088A",
"@id": "Alert (TA13-088A) DNS Amplification Attacks",
"@source": "CERT-TA"
},
{
"#text": "http://www.us-cert.gov/ncas/alerts/TA14-017A",
"@id": "Alert (TA14-017A) UDP-based Amplification Attacks",
"@source": "CERT-TA"
},
{
"#text": "http://jprs.jp/important/2013/130418.html",
"@id": "An unsuitable setup of a DNS server\"Open Resolver\"",
"@source": "JPRS"
},
{
"#text": "https://www.nic.ad.jp/ja/dns/openresolver/",
"@id": "About Open Resolver",
"@source": "JPNIC"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple broadband routers may behave as open resolvers"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…