FS#59425 : [mitmproxy] mitmproxy: mitmweb allows DNS Rebinding attacks, related totools/web/app.py

FS#59425 - [mitmproxy] mitmproxy: mitmweb allows DNS Rebinding attacks, related totools/web/app.py

Attached to Project: Community Packages
Opened by Karol Babioch (kbabioch) - Monday, 23 July 2018, 11:04 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 21 August 2018, 18:10 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Felix Yan (felixonmars) Levente Polyak (anthraxx) Filipe Laíns (FFY00)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

CVE-2018-14505

mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to
tools/web/app.py.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14505
http://www.cvedetails.com/cve/CVE-2018-14505/
https://github.com/mitmproxy/mitmproxy/issues/3234
https://github.com/mitmproxy/mitmproxy/pull/3243

This task depends upon

Closed by Eli Schwartz (eschwartz)
Tuesday, 21 August 2018, 18:10 GMT
Reason for closing: Fixed
Additional comments about closing: mitmproxy 4.0.4-1

Comment by Doug Newgard (Scimmia) - Saturday, 28 July 2018, 16:00 GMT

Is this valid for 3.0.3 in Community or 3.0.4 in staging?

Comment by Eli Schwartz (eschwartz) - Tuesday, 21 August 2018, 18:09 GMT

We went straight from that to 4.0.4 anyway, so guessing this is fixed either way...

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#59425 - [mitmproxy] mitmproxy: mitmweb allows DNS Rebinding attacks, related totools/web/app.py

Details

Loading...