漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Bypass of client certificate verification with transfer over TLS
Vulnerability Description
When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
NLnet Labs NSD 权限许可和访问控制问题漏洞
Vulnerability Description
NLnet Labs NSD是荷兰NLnet Labs组织的一款DNS服务器软件。 NLnet Labs NSD 4.10.1版本至4.14.3之前版本存在安全漏洞,该漏洞源于认证缺失,可能导致攻击者绕过客户端证书验证。
CVSS Information
N/A
Vulnerability Type
N/A