CVE-2018-1099

Summary

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.etcd3.3.1 and earlieraffected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References