Category Archives: Checkpoint

Checkpoint

ISC BIND DNAME Response Processing Denial of Service (CVE-2016-8864)

A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to a flaw processing recursive DNAME responses that can cause the target resolver to crash. A remote, unauthenticated attacker could exploit this vulnerability against DNS servers that perform recursive queries by providing responses with a crafted DNAME answer. Successful exploitation could lead to a denial-ofservice.

HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)

An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet. Successful exploitation would result in the execution of arbitrary code under the context of the process.