SYM_CS_0041 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Incorrectly-Resolved Name or Reference
| Property | Value |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-706: Use of Incorrectly-Resolved Name or Reference |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Binding an HttpListener to wildcard addresses (like http://*/ or http://+:) allows the application to accept requests from any network interface or hostname. This can unintentionally expose your service to untrusted networks or hosts.
Impact
An attacker could access or route traffic to your application from unexpected sources, potentially bypassing network controls, exposing sensitive endpoints, or enabling unauthorized access. This increases the risk of data leaks and broader attack surfaces.