CVE-2018-7160
nodejs: Inspector DNS rebinding vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podría explotarse para ejecutar código de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podría emplear un ataque de reenlace DNS para engañar al navegador web para que omita las comprobaciones de política del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuración activo se está ejecutando en el host local o en un host en la red local, el sitio web malicioso podría conectarse a él como depurador y obtener acceso total de ejecución de código.
It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the site could carry on a DNS rebind attack, allowing the site to have full access to the debugged script.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-15 CVE Reserved
- 2018-05-17 CVE Published
- 2024-02-29 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-290: Authentication Bypass by Spoofing
- CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm | |
| https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://nodejs.org/en/blog/vulnerability/march-2018-security-releases | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-7160 | 2018-10-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1561979 | 2018-10-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 6.0.0 <= 6.8.1 Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 <= 6.8.1" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 6.9.0 < 6.14.0 Search vendor "Nodejs" for product "Node.js" and version " >= 6.9.0 < 6.14.0" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 8.0.0 <= 8.8.1 Search vendor "Nodejs" for product "Node.js" and version " >= 8.0.0 <= 8.8.1" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 8.9.0 < 8.11.0 Search vendor "Nodejs" for product "Node.js" and version " >= 8.9.0 < 8.11.0" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 9.0.0 < 9.10.0 Search vendor "Nodejs" for product "Node.js" and version " >= 9.0.0 < 9.10.0" | - |
Affected
| ||||||