cve/2018/CVE-2018-1099.md

### [CVE-2018-1099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1099)
![](https://img.shields.io/static/v1?label=Product&message=etcd&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)

### Description

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

### POC

#### Reference
- https://github.com/coreos/etcd/issues/9353

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/andir/nixos-issue-db-example
- https://github.com/laojianzi/laojianzi
- https://github.com/sonatype-nexus-community/nancy
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1099)`
			`![](https://img.shields.io/static/v1?label=Product&message=etcd&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)`

			`### Description`

			`DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).`

			`### POC`

			`#### Reference`
			`- https://github.com/coreos/etcd/issues/9353`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/andir/nixos-issue-db-example`
			`- https://github.com/laojianzi/laojianzi`
			`- https://github.com/sonatype-nexus-community/nancy`