CVE-2018-1099

Sažetak

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Reference

https://github.com/coreos/etcd/issues/9353
https://bugzilla.redhat.com/show_bug.cgi?id=1552717
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:55

Objavljeno

03-04-2018 - 16:29