VYPR

CWE-350

Reliance on Reverse DNS Resolution for a Security-Critical Action

Variant · Draft

Description

The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.
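As an added example, not taken from the CWE entry or from any of the projects listed below, the following Python puts the CWE-350 pattern next to its fix, forward-confirmed reverse DNS (FCrDNS): the name returned by the PTR lookup is trusted only if a forward (A/AAAA) lookup of that name yields the original client address. The `.trusted.example` policy suffix, the `FakeResolver` and its zone data are constructed for offline use; `SystemResolver` wraps the standard library's `socket.gethostbyaddr` and `socket.getaddrinfo` for real lookups.

```python
"""Naive PTR-based trust (CWE-350) versus forward-confirmed reverse DNS."""
import ipaddress
import socket
from typing import Dict, Iterable, Optional, Set


class SystemResolver:
    """Real lookups through the OS resolver; not used by the offline demo."""

    def ptr(self, ip: str) -> Optional[str]:
        try:
            return socket.gethostbyaddr(ip)[0]
        except (socket.herror, socket.gaierror):
            return None

    def forward(self, hostname: str) -> Set[str]:
        try:
            infos = socket.getaddrinfo(hostname, None)
        except socket.gaierror:
            return set()
        # sockaddr[0] is the address; drop any IPv6 scope id ("%eth0").
        return {info[4][0].split("%")[0] for info in infos}


class FakeResolver:
    """Constructed DNS data so the example runs without network access."""

    def __init__(self, ptr_records: Dict[str, str], forward_records: Dict[str, Iterable[str]]):
        self._ptr = ptr_records
        self._fwd = {k.lower().rstrip("."): set(v) for k, v in forward_records.items()}

    def ptr(self, ip: str) -> Optional[str]:
        return self._ptr.get(ip)

    def forward(self, hostname: str) -> Set[str]:
        return set(self._fwd.get(hostname.lower().rstrip("."), ()))


# Assumed policy: hosts under this zone get privileged access (hypothetical).
TRUSTED_SUFFIX = ".trusted.example"


def _in_trusted_zone(hostname: str) -> bool:
    name = hostname.lower().rstrip(".")
    return name.endswith(TRUSTED_SUFFIX) or name == TRUSTED_SUFFIX[1:]


def naive_allow(ip: str, resolver) -> bool:
    """CWE-350: trusts whatever name the client's own PTR record claims."""
    name = resolver.ptr(ip)
    return name is not None and _in_trusted_zone(name)


def fcrdns_allow(ip: str, resolver) -> bool:
    """Hardened: the PTR name must also resolve forward to the client IP."""
    name = resolver.ptr(ip)
    if name is None or not _in_trusted_zone(name):
        return False
    client = ipaddress.ip_address(ip)
    forward_ips = set()
    for addr in resolver.forward(name):
        try:
            forward_ips.add(ipaddress.ip_address(addr))
        except ValueError:
            continue  # ignore unparsable answers rather than trusting them
    return client in forward_ips


# Constructed zones: the attacker controls the reverse zone for 198.51.100.0/24
# and can make its PTR say anything, but not the forward zone trusted.example.
DEMO = FakeResolver(
    ptr_records={
        "203.0.113.10": "admin.trusted.example",  # legitimate host
        "198.51.100.7": "admin.trusted.example",  # attacker's PTR lies
        "198.51.100.8": "ghost.trusted.example",  # name with no forward record
    },
    forward_records={
        "admin.trusted.example": ["203.0.113.10"],
    },
)

if __name__ == "__main__":
    for client_ip in ("203.0.113.10", "198.51.100.7", "198.51.100.8", "192.0.2.1"):
        print(client_ip, "naive:", naive_allow(client_ip, DEMO), "fcrdns:", fcrdns_allow(client_ip, DEMO))
```

The naive check accepts 198.51.100.7 because nothing stops the owner of a netblock from publishing any PTR record for it; only the forward zone is controlled by the legitimate domain owner, so the forward confirmation is what binds the name to the address. Even with FCrDNS, unsigned DNS answers can be spoofed or poisoned on the path to the resolver, so a hostname match should be one signal alongside real authentication, not the sole gate for a security-critical action.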

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-142 · CAPEC-275 · CAPEC-73 · CAPEC-89

CVEs mapped to this weakness (25)

page 2 of 2
  • CVE-2025-24010 (Jan 20, 2025)
    risk 0.00 · cvss n/a · epss 0.00

    Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in…

  • CVE-2024-24759 (Sep 5, 2024)
    risk 0.00 · cvss n/a · epss 0.05

    MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service.…

  • CVE-2024-28224 (Apr 8, 2024)
    risk 0.00 · cvss n/a · epss 0.00

    Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

  • CVE-2023-41329 (Sep 6, 2023)
    risk 0.00 · cvss n/a · epss 0.01

    WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain…

  • CVE-2020-11091 (Jun 3, 2020)
    risk 0.00 · cvss n/a · epss 0.01

    In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host…