Base · Medium

CWE-1327: Binding to an Unrestricted IP Address

The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.

CWE-1327 · Base Level · 2 CVEs · 2 Mitigations

Description


When a server binds to the address 0.0.0.0, it allows connections from every IP address on the local machine, effectively exposing the server to every possible network. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network.

Potential Impact

Availability

DoS: Amplification

Demonstrative Examples

The following code snippet uses 0.0.0.0 in a Puppet script.
Bad

signingserver::instance {
  "nightly-key-signing-server":
    listenaddr => "0.0.0.0",
    port       => "9100",
    code_tag   => "SIGNING_SERVER",
}
The Puppet code snippet provisions a signing server that listens on 0.0.0.0 and therefore accepts traffic on every interface of the host. Because 0.0.0.0 is unrestricted, malicious users on any network that can reach the host may send a high volume of requests to this address and cause a denial of service.
Good

signingserver::instance {
  "nightly-key-signing-server":
    listenaddr => "127.0.0.1",
    port       => "9100",
    code_tag   => "SIGNING_SERVER",
}

Mitigations & Prevention

Phase: System Configuration (Effectiveness: High)

Assign IP addresses that are not 0.0.0.0.

Phase: System Configuration (Effectiveness: High)

Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.
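As an added example (not part of the CWE entry or of the Puppet module it shows), the following Python script covers both sides of the weakness: it flags wildcard listeners in `ss -lnt` style output, the check an administrator would run after provisioning, and it refuses to bind a socket to an unrestricted address, mirroring the 127.0.0.1 fix in the demonstrative example. The `ss` lines, the `bind_listener` helper and the port numbers are constructed for illustration.

```python
import ipaddress
import socket

# Wildcard forms: IPv4/IPv6 unspecified, the "*" that ss/netstat print, "" (INADDR_ANY in Python).
UNRESTRICTED = {"0.0.0.0", "::", "*", ""}


def is_unrestricted_bind(addr: str) -> bool:
    """Return True if addr would accept connections on all interfaces (CWE-1327)."""
    addr = addr.strip().strip("[]")  # "[::]" -> "::"
    if addr in UNRESTRICTED:
        return True
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False  # hostnames are not wildcard literals


def find_wildcard_listeners(ss_output: str) -> list:
    """Parse `ss -lnt` style output; return (host, port) for each wildcard listener."""
    findings = []
    for line in ss_output.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4:
            continue
        host, _, port = cols[3].rpartition(":")  # column 4 is Local Address:Port
        if is_unrestricted_bind(host):
            findings.append((host.strip("[]"), int(port)))
    return findings


def bind_listener(host: str, port: int) -> socket.socket:
    """Hardened bind (hypothetical helper): reject wildcard addresses before binding."""
    if is_unrestricted_bind(host):
        raise ValueError(f"refusing to bind {host!r}: unrestricted address (CWE-1327)")
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen()
    return sock


# Constructed sample of `ss -lnt` output, not a capture from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:9100        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    *:8080              *:*
"""

if __name__ == "__main__":
    for host, port in find_wildcard_listeners(SAMPLE_SS):
        print(f"wildcard listener: {host}:{port}")
```

Run against real output with `ss -lnt` piped into `find_wildcard_listeners`; the 127.0.0.1 listener is the only one in the sample that is not reported.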

Real-World CVE Examples

CVE ID           Description
CVE-2023-41742   Cybersecurity product binds to an unrestricted IP address.
CVE-2022-21947   Desktop manager for Kubernetes and container management binds a service to 0.0.0.0, allowing users on the network to make requests to a dashboard API.

Frequently Asked Questions

What is CWE-1327?

CWE-1327 (Binding to an Unrestricted IP Address) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.

How can CWE-1327 be exploited?

Attackers can exploit CWE-1327 (Binding to an Unrestricted IP Address) to cause a denial of service (DoS: Amplification). This weakness is typically introduced during the System Configuration phase of software development.

How do I prevent CWE-1327?

Key mitigations include assigning the server an IP address other than 0.0.0.0, and denying unwanted connections to the configured server through a firewall or other packet filtering measures.

What is the severity of CWE-1327?

CWE-1327 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.