PowerDNS · PowerDNS Authoritative Server · CVE-2019-3871
**Name of the Vulnerable Software and Affected Versions**
PowerDNS Authoritative Server versions prior to 4.0.7
PowerDNS Authoritative Server versions prior to 4.1.7
**Description**
A vulnerability was found in the HTTP Connector of the Remote backend, related to insufficient validation of user data when building an HTTP request from a DNS query. This allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly to cause information disclosure by making the server connect to an internal endpoint.
**Recommendations**
For PowerDNS Authoritative Server versions prior to 4.0.7, update to version 4.0.7 or later.
For PowerDNS Authoritative Server versions prior to 4.1.7, update to version 4.1.7 or later.
As a temporary workaround, consider restricting access to the HTTP Connector in the Remote backend to minimize the risk of exploitation.
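
The following Python check is an added example, not part of the advisory or of PowerDNS itself: it combines the fixed versions listed above with a scan of `pdns.conf` text for Remote backend connection strings that use the HTTP Connector. The sample configuration and its endpoint are constructed, and comparing branches the advisory does not name against 4.0.7 is an assumption.

```python
import re

# Fixed releases from the advisory, keyed by (major, minor) branch.
FIXED = {(4, 0): (4, 0, 7), (4, 1): (4, 1, 7)}


def is_affected(version_text):
    """True if the version is older than the fix for its branch."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no x.y.z version in %r" % version_text)
    v = tuple(int(p) for p in m.groups())
    # Assumption: branches the advisory does not name are compared with 4.0.7.
    return v < FIXED.get(v[:2], (4, 0, 7))


def http_connectors(conf_text):
    """Return Remote backend connection strings that use the HTTP Connector."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(remote[\w-]*-connection-string)\s*\+?=\s*(.+)", line)
        if m and m.group(2).lower().startswith("http:"):
            found.append(m.group(2))
    return found


def audit(version_text, conf_text):
    """Exposed only when an affected version runs the HTTP Connector."""
    connectors = http_connectors(conf_text)
    affected = is_affected(version_text)
    return {
        "affected_version": affected,
        "http_connectors": connectors,
        "exposed": affected and bool(connectors),
    }


# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """\
launch=remote
# remote-connection-string=unix:path=/var/run/pdns-remote.sock
remote-connection-string=http:url=http://127.0.0.1:8053/dns
"""

if __name__ == "__main__":
    print(audit("4.1.6", SAMPLE_CONF))
    print(audit("4.1.7", SAMPLE_CONF))
```

A host reported as `exposed` is a candidate for the update or for the temporary access restriction described above.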