dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
References
Link | Resource |
---|---|
https://sourceforge.net/projects/dproxy/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/08/14/3 | Exploit Mailing List Third Party Advisory |
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner | Third Party Advisory |
https://sourceforge.net/projects/dproxy/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/08/14/3 | Exploit Mailing List Third Party Advisory |
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://sourceforge.net/projects/dproxy/ - Third Party Advisory | |
References | () https://www.openwall.com/lists/oss-security/2022/08/14/3 - Exploit, Mailing List, Third Party Advisory | |
References | () https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner - Third Party Advisory |
18 Aug 2022, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-290 | |
References | (MISC) https://sourceforge.net/projects/dproxy/ - Third Party Advisory | |
References | (MISC) https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner - Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2022/08/14/3 - Exploit, Mailing List, Third Party Advisory |
15 Aug 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-15 13:15
Updated : 2024-11-21 07:08
NVD link : CVE-2022-33991
Mitre link : CVE-2022-33991
CVE.ORG link : CVE-2022-33991
JSON object : View
Products Affected
dproxy-nexgen_project
- dproxy-nexgen
CWE
CWE-290
Authentication Bypass by Spoofing