FS#59425 - [mitmproxy] mitmproxy: mitmweb allows DNS Rebinding attacks, related totools/web/app.py
Attached to Project:
Community Packages
Opened by Karol Babioch (kbabioch) - Monday, 23 July 2018, 11:04 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 21 August 2018, 18:10 GMT
Opened by Karol Babioch (kbabioch) - Monday, 23 July 2018, 11:04 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 21 August 2018, 18:10 GMT
|
Details
CVE-2018-14505
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14505 http://www.cvedetails.com/cve/CVE-2018-14505/ https://github.com/mitmproxy/mitmproxy/issues/3234 https://github.com/mitmproxy/mitmproxy/pull/3243 |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Tuesday, 21 August 2018, 18:10 GMT
Reason for closing: Fixed
Additional comments about closing: mitmproxy 4.0.4-1
Tuesday, 21 August 2018, 18:10 GMT
Reason for closing: Fixed
Additional comments about closing: mitmproxy 4.0.4-1
Comment by Doug Newgard (Scimmia) -
Saturday, 28 July 2018, 16:00 GMT
Comment by
Eli Schwartz (eschwartz) - Tuesday,
21 August 2018, 18:09 GMT
Is this valid for 3.0.3 in Community or 3.0.4 in staging?
We went straight from that to 4.0.4 anyway, so guessing this is
fixed either way...