// For flags

CVE-2018-7160

nodejs: Inspector DNS rebinding vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podría explotarse para ejecutar código de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podría emplear un ataque de reenlace DNS para engañar al navegador web para que omita las comprobaciones de política del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuración activo se está ejecutando en el host local o en un host en la red local, el sitio web malicioso podría conectarse a él como depurador y obtener acceso total de ejecución de código.

It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the site could carry on a DNS rebind attack, allowing the site to have full access to the debugged script.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-02-15 CVE Reserved
  • 2018-05-17 CVE Published
  • 2024-02-29 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-290: Authentication Bypass by Spoofing
  • CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 6.0.0 <= 6.8.1
Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 <= 6.8.1"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 6.9.0 < 6.14.0
Search vendor "Nodejs" for product "Node.js" and version " >= 6.9.0 < 6.14.0"
lts
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 8.0.0 <= 8.8.1
Search vendor "Nodejs" for product "Node.js" and version " >= 8.0.0 <= 8.8.1"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 8.9.0 < 8.11.0
Search vendor "Nodejs" for product "Node.js" and version " >= 8.9.0 < 8.11.0"
lts
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 9.0.0 < 9.10.0
Search vendor "Nodejs" for product "Node.js" and version " >= 9.0.0 < 9.10.0"
-
Affected