CVE-2005-2301

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

Published: Jul 19, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2301
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
powerdns / powerdns	2.9.6	2.9.6.x
powerdns / powerdns	2.9.12	2.9.12.x
powerdns / powerdns	2.9.7	2.9.7.x
powerdns / powerdns	2.9.1	2.9.1.x
powerdns / powerdns	2.9.17	2.9.17.x
powerdns / powerdns	2.9.10	2.9.10.x
powerdns / powerdns	2.9.2	2.9.2.x
powerdns / powerdns	2.9.8	2.9.8.x
powerdns / powerdns	2.9.0	2.9.0.x
powerdns / powerdns	2.9.11	2.9.11.x
powerdns / powerdns	2.9.16	2.9.16.x
powerdns / powerdns	2.9.13	2.9.13.x
powerdns / powerdns	2.9.5	2.9.5.x
powerdns / powerdns	2.9.4	2.9.4.x
powerdns / powerdns	2.9.3a	2.9.3a.x
powerdns / powerdns	2.9.14	2.9.14.x
powerdns / powerdns	2.9.15	2.9.15.x

Vulnerability Database

289,697

CVE-2005-2301