[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content
On-Demand Webinar

Publicly exposed Docker API

Threats + Use Case
On-Demand Webinar

Publicly exposed Docker API

Detection Strategies

Description

Docker is a technology that allows you to perform operating system-level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy, and run applications inside containers.You can interact with Docker via the terminal and also via remote API. The Docker Remote API is a great way to control your remote Docker host, including automating the deployment, controls, and getting the state of your containers process, and more. With this great power comes a great risk‚ if the control gets into the wrong hands, your entire network can be in danger.In February, a new docker API vulnerability (CVE-2019-5736) was discovered that allows you to gain host root access from a docker container. The combination of this new vulnerability and publicly exposed remote Docker API can lead to a fully compromised host.The Docker Remote API listens on ports 2375 / 2376. By default, the remote API is only accessible from the loopback interface (localhost 127.0.0.1), and should not be available from external sources.

References

Request Access to Use Case Repository

Categories

Discovery

Cloud Service Discovery

Splunk

AWS

Get the Latest Resources

Leave Your Data Where You Want: Detect Across Snowflake

Demo Series
Leave Your Data Where You Want: Detect Across Snowflake
Watch

MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot

Demo Series
MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot
Watch
Break Free from SIEM Lock-in
Get the latest news, blog posts and threat reports
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting this form, you agree to our Terms of Use
and acknowledge our Privacy Statement.
Product
PlatformIntegrations
Learn
BlogResourcesThreat ResearchDetection DispatchWebinarsCustomersSolution GuidesWhite PapersData Sheets
Customer Resources
Log InRelease NotesKnowledge Base
Company
About UsCareersContact Us
Facebook
Twitter
Linkedin
© 2024 Anvilogic. All Rights Reserved.
[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content
White Paper

Publicly exposed Docker API

Threats + Use Case
Break Free from SIEM Lock-in
Get the latest news, blog posts and threat reports
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting this form, you agree to our Terms of Use
and acknowledge our Privacy Statement.
Product
PlatformIntegrations
Learn
BlogResourcesThreat ResearchDetection DispatchWebinarsCustomersSolution GuidesWhite PapersData Sheets
Customer Resources
Log InRelease NotesKnowledge Base
Company
About UsCareersContact Us
Facebook
Twitter
Linkedin
© 2024 Anvilogic. All Rights Reserved.
[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content
April 20, 2021

Publicly exposed Docker API

Threats + Use Case

Description

Docker is a technology that allows you to perform operating system-level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy, and run applications inside containers.You can interact with Docker via the terminal and also via remote API. The Docker Remote API is a great way to control your remote Docker host, including automating the deployment, controls, and getting the state of your containers process, and more. With this great power comes a great risk‚ if the control gets into the wrong hands, your entire network can be in danger.In February, a new docker API vulnerability (CVE-2019-5736) was discovered that allows you to gain host root access from a docker container. The combination of this new vulnerability and publicly exposed remote Docker API can lead to a fully compromised host.The Docker Remote API listens on ports 2375 / 2376. By default, the remote API is only accessible from the loopback interface (localhost 127.0.0.1), and should not be available from external sources.

References

Request Access to Use Case Repository

Categories

Discovery

Cloud Service Discovery

Splunk

AWS

Break Free from SIEM Lock-in

Break Free from SIEM Lock-in

Book a Demo