Binding to an Unrestricted IP Address

Incomplete Base
Structure: Simple
Description

The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.

Extended Description

When a server binds to the address 0.0.0.0, it listens on every network interface of the local machine, so connections are accepted from any network the host is attached to. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network.

Common Consequences

Scope: Availability

Impact: DoS: Amplification

Potential Mitigations

Phase: System Configuration

Assign IP addresses that are not 0.0.0.0.

Effectiveness: High

Phase: System Configuration

Strategy: Firewall

Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.

Effectiveness: High
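As an added example (not code from the CWE entry), the first mitigation expressed as a start-up check in Python: a server refuses a wildcard listen address unless the operator opts in explicitly, which is the point at which the second mitigation (a firewall rule) has to exist. The example goes slightly beyond the entry's 0.0.0.0 case by also treating the IPv6 wildcard `::`, its IPv4-mapped form `::ffff:0.0.0.0`, and the empty host string as unrestricted, because Python's `socket.bind()` turns an empty host into INADDR_ANY. The function names `is_unrestricted`, `checked_bind_address` and `bound_address` and the opt-in flag are assumptions of this example.

```python
"""Added example: enforce a bind-address policy before a server listens.

Not part of the CWE entry; the policy and the helper names are assumptions
made for this illustration.
"""
import ipaddress
import socket


def is_unrestricted(addr: str) -> bool:
    """True when binding to `addr` would listen on every interface.

    Covers the IPv4 wildcard 0.0.0.0, the IPv6 wildcard ::, the IPv4
    wildcard carried inside an IPv6 socket (::ffff:0.0.0.0), and the empty
    string, which Python's socket.bind() maps to INADDR_ANY.
    """
    if addr == "":
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # Hostnames are not addresses; this check does not resolve them,
        # so they are not classified as wildcard here.
        return False
    if ip.is_unspecified:
        return True
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped is not None and mapped.is_unspecified


def checked_bind_address(addr: str, allow_all_interfaces: bool = False) -> str:
    """Return `addr` when it satisfies the bind policy, else raise ValueError.

    Policy (an assumption of this example): a wildcard address is accepted
    only when the operator has explicitly opted in, i.e. when exposure on
    every interface is a deliberate decision backed by packet filtering.
    """
    if is_unrestricted(addr) and not allow_all_interfaces:
        raise ValueError(
            f"refusing to listen on {addr!r}: it exposes the service on every "
            "interface; configure an interface address or opt in explicitly"
        )
    return addr


def bound_address(host: str, family: int = socket.AF_INET) -> str:
    """Bind a throwaway TCP socket on an ephemeral port and report the
    address the kernel actually used, so the effect of '' is visible."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[0]


if __name__ == "__main__":
    for host in ("", "0.0.0.0", "::", "::ffff:0.0.0.0", "127.0.0.1", "10.0.0.5"):
        print(f"{host!r:18} unrestricted={is_unrestricted(host)}")
    print("empty host actually binds to", bound_address(""))  # 0.0.0.0
    try:
        checked_bind_address("0.0.0.0")
    except ValueError as err:
        print("rejected:", err)
    print("accepted:", checked_bind_address("127.0.0.1"))
```

The check belongs where the listen address is read from configuration, before `bind()` is called; logging the rejection gives an operator a clear signal that the deployment tried to expose the service on every interface.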

Demonstrative Examples

The following code snippet uses 0.0.0.0 in a Puppet script.

Code Example (Bad, Language: Other):

    signingserver::instance {

The Puppet code snippet is used to provision a signing server that accepts traffic on 0.0.0.0. Because 0.0.0.0 is unrestricted, the server is reachable from every network the host is attached to, so malicious users on any of those networks may send frequent requests and cause a denial of service.

Code Example (Good, Language: Other):

    signingserver::instance {
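As an added example (not code from the CWE entry, and not the tooling of the cited security-smell papers), a small static check in Python that flags wildcard bind addresses in Puppet-style (`key => "value"`) and Ansible/YAML-style (`key: value`) assignments, which is how this smell is caught before the script is ever applied. The sample snippets, the attribute names (`bind_address`, `listen`, `admin_listen`) and the resource titles are constructed for this example; only `signingserver::instance` comes from the entry.

```python
"""Added example: static scan of IaC text for wildcard bind addresses.

Not part of the CWE entry. Sample inputs and attribute names below are
constructed for illustration.
"""
import ipaddress
import re
from typing import List, Tuple

# Matches `key => "value"`, `key = value` and `key: value` on one line.
# The `:(?!:)` alternative keeps Puppet's `module::type` from being read as
# an assignment. Attribute names are generic, not taken from any module.
ASSIGNMENT = re.compile(
    r"""^\s*(?P<key>[A-Za-z_][\w.-]*)\s*(?:=>|:(?!:)|=)\s*['"]?(?P<value>[^'"\s,]+)"""
)


def bind_host(value: str) -> str:
    """Strip an optional port: '0.0.0.0:9100' -> '0.0.0.0', '[::]:9100' -> '::'."""
    if value.startswith("[") and "]" in value:
        return value[1:value.index("]")]
    if value.count(":") == 1:  # IPv4 host:port (an IPv6 literal has >= 2 colons)
        return value.split(":")[0]
    return value


def is_wildcard(value: str) -> bool:
    """True when the value names 0.0.0.0 or ::, with or without a port."""
    try:
        return ipaddress.ip_address(bind_host(value)).is_unspecified
    except ValueError:
        return False  # not an IP literal (a port number, a hostname, a string)


def find_wildcard_binds(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, key, value) for every assignment to a wildcard address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ASSIGNMENT.match(line)
        if match and is_wildcard(match.group("value")):
            findings.append((lineno, match.group("key"), match.group("value")))
    return findings


# Constructed Puppet-style sample; attribute names are illustrative.
PUPPET_SAMPLE = """\
# constructed sample, not the module from the CWE entry
signingserver::instance { "key-signing":
  bind_address => "0.0.0.0",
  port         => "9100",
}
webapp::instance { "internal-dashboard":
  bind_address => "127.0.0.1",
  port         => "8080",
}
"""

# Constructed Ansible/YAML-style sample; module and keys are illustrative.
ANSIBLE_SAMPLE = """\
# constructed sample
- name: start api
  api_service:
    listen: "[::]:8443"
    admin_listen: 127.0.0.1:9000
"""


if __name__ == "__main__":
    for label, sample in (("puppet", PUPPET_SAMPLE), ("ansible", ANSIBLE_SAMPLE)):
        for lineno, key, value in find_wildcard_binds(sample):
            print(f"{label}: line {lineno}: {key} set to wildcard address {value}")
```

Running it reports the `bind_address` on line 3 of the Puppet sample and the `listen` on line 4 of the Ansible sample, while the loopback-bound resources produce no finding; a check like this fits naturally into a pre-commit hook or CI lint step for infrastructure code.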
Observed Examples

CVE-2022-21947: Desktop manager for Kubernetes and container management binds a service to 0.0.0.0, allowing users on the network to make requests to a dashboard API.
References

REF-1158: Akond Rahman, Md Rayhanur Rahman, Chris Parnin, and Laurie Williams. "Security Smells in Ansible and Chef Scripts: A Replication Study". 20-06-2020.

REF-1159: Akond Rahman, Chris Parnin, and Laurie Williams. "The Seven Sins: Security Smells in Infrastructure as Code Scripts". ICSE '19: Proceedings of the 41st International Conference on Software Engineering. 05-2019.
Applicable Platforms

Languages:
Other : Undetermined

Technologies:
Web Server : Undetermined
Client Server : Undetermined
Cloud Computing : Undetermined
Modes of Introduction

System Configuration
Related Attack Patterns