Improperly Trusted Reverse DNS
Weakness ID: 350 (Weakness Base)Status: Draft
+ Description

Description Summary

The software trusts the hostname that is provided when performing a reverse DNS resolution on an IP address, without also performing forward resolution.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Demonstrative Examples

Example 1

In the example below, an authorization decision is made on the result of a reverse DNS lookup.

(Bad Code)
Example Language: Java 
InetAddress clientAddr = getClientInetAddr();
if (clientAddr != null && clientAddr.getHostName().equals("authorizedhost.authorizeddomain.com") {
authorized = true;
}
+ Observed Examples
ReferenceDescription
CVE-2001-1488Does not do double-reverse lookup to prevent DNS spoofing.
CVE-2001-1500Does not verify reverse-resolved hostnames in DNS.
CVE-2000-1221Authentication bypass using spoofed reverse-resolved DNS hostnames.
CVE-2002-0804Authentication bypass using spoofed reverse-resolved DNS hostnames.
CVE-2001-1155Filter does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
CVE-2004-0892Reverse DNS lookup used to spoof trusted content in intermediary.
CVE-2003-0981Product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class345Insufficient Verification of Data Authenticity
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERImproperly Trusted Reverse DNS
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
73User-Controlled Filename
18Embedding Scripts in Nonscript Elements
63Simple Script Injection
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Sean EidemillerCigitalExternal
added/updated demonstrative examples
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2009-05-27CWE Content TeamMITREInternal
updated Relationships
Back to top