CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
Description
The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-142 · CAPEC-275 · CAPEC-73 · CAPEC-89
CVEs mapped to this weakness (25)
page 2 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24010 | | | 0.00 | — | 0.00 | | Jan 20, 2025 | Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in… |
| CVE-2024-24759 | | | 0.00 | — | 0.05 | | Sep 5, 2024 | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service.… |
| CVE-2024-28224 | | | 0.00 | — | 0.00 | | Apr 8, 2024 | Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion). |
| CVE-2023-41329 | | | 0.00 | — | 0.01 | | Sep 6, 2023 | WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain… |
| CVE-2020-11091 | | | 0.00 | — | 0.01 | | Jun 3, 2020 | In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host… |