SB2023090670 - Reliance on Reverse DNS Resolution for a Security-Critical Action in WireMock
Published: September 6, 2023 Updated: July 4, 2025
Description
This security bulletin contains information about 1 vulnerability.
1) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2023-41329)
The vulnerability allows a remote privileged user to execute arbitrary code on the target system.
The vulnerability exists because the proxy mode of WireMock can be protected by the network restrictions configuration, as documented in "Preventing proxying to and recording from specific target addresses". These restrictions can be configured using domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A remote privileged user can pass specially crafted data to the application, trigger the vulnerability and execute arbitrary code on the target system.
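The weakness class described above, as an added example that is not WireMock code and not part of the original bulletin: a simplified Python model of a proxy that checks a deny rule on one name lookup and connects on another, next to a form that resolves once and pins the address. The resolver class, function names, deny list and host name are constructed assumptions.

```python
import ipaddress

# Constructed deny list, modelled on address-based network restrictions.
DENIED_NETS = [ipaddress.ip_network(n)
               for n in ("127.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16")]


class SequenceResolver:
    """Constructed stand-in for DNS: each lookup returns the next answer,
    the way a short-TTL record can change between two queries."""

    def __init__(self, answers):
        self.answers = list(answers)
        self.lookups = 0

    def resolve(self, host):
        ip = self.answers[min(self.lookups, len(self.answers) - 1)]
        self.lookups += 1
        return ip


def is_denied(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DENIED_NETS)


def check_then_connect(host, resolver):
    """Weak pattern: the rule is evaluated on one lookup and the connection
    resolves the name again, so the checked and used addresses can differ."""
    if is_denied(resolver.resolve(host)):
        raise PermissionError(f"{host} is denied")
    return resolver.resolve(host)  # address the connection would really use


def resolve_once_and_pin(host, resolver):
    """Hardened pattern: resolve once, check that address, connect to it."""
    ip = resolver.resolve(host)
    if is_denied(ip):
        raise PermissionError(f"{host} resolves to denied address {ip}")
    return ip  # connect to this IP; keep `host` only for Host header / SNI


if __name__ == "__main__":
    answers = ["203.0.113.10", "127.0.0.1"]  # constructed sample answers
    print("check-then-connect uses:",
          check_then_connect("target.example", SequenceResolver(answers)))
    print("resolve-once uses:      ",
          resolve_once_and_pin("target.example", SequenceResolver(answers)))
```

In the weak pattern the address returned for the connection falls inside a denied network even though the rule check passed; the pinned form can only ever connect to the address it checked.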
Remediation
Install the update from the vendor's website.