DEBIAN-CVE-2018-1099

DEBIAN-CVE-2018-1099 PUBLISHED CVSS 5.5 MEDIUM

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:13	etcd	0, 0, 0
Debian:14	etcd	0, 0, 0
Debian:11	etcd	0, 3.3.25+dfsg, 3.3.25+dfsg
Debian:12	etcd	0, 0, 0

Timeline

Apr 3, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-1099 advisory

Open in Interactive Console →