DNS Rebinding Vulnerability in mitmproxy by Mitmproxy
CVE-2018-14505

8.8HIGH

Key Information:

Vendor: Mitmproxy
Status: Mitmproxy
Vendor: CVE Published:; 22 July 2018

What is CVE-2018-14505?

The vulnerability identified in mitmproxy v4.0.3 allows attackers to execute DNS Rebinding attacks, exposing users to potential manipulation of web applications. This flaw originates from the handling of requests within the mitmweb component, specifically related to tools/web/app.py. Attackers can exploit this weakness to redirect user requests and gain unauthorized access to sensitive data, stressing the importance of implementing security measures to mitigate such risks.

References

https://github.com/mitmproxy/mitmproxy/pull/3243

x_refsource_CONFIRM

https://github.com/mitmproxy/mitmproxy/issues/3234

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2018
Vulnerability Reserved
Jul 22, 2018

CVE-2018-14505 Data

JSON