Exposed port out of range

ID

port_out_of_range

Severity

low

Family

Container Security

Tags

dockerfile, flaw

Description

The Dockerfile exposes ports outside the valid range 0-65535. Such ports do not make sense, because both TCP and UDP use a 16-bit port number and therefore allow only 65536 ports.

Security

N/A

Examples

FROM alpine:3.3
RUN apk --no-cache add nginx
# issue: exposed port 65536 out of range
EXPOSE 65536/tcp 80 443 22
CMD [ "nginx", "-g", "daemon off;" ]

Mitigation / Fix

FROM alpine:3.3
RUN apk --no-cache add nginx
# fixed
EXPOSE 65530/tcp 80 443 22
CMD [ "nginx", "-g", "daemon off;" ]
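
One way to check a Dockerfile for this flaw, shown as an added example that is not the scanner's own implementation. The function names, the handling of port ranges and line continuations, and the skipping of unresolved variables such as $PORT are assumptions; the sample input is constructed.

```python
import re

# Added example: flags EXPOSE ports outside 0-65535 in Dockerfile text.
EXPOSE_RE = re.compile(r"^\s*EXPOSE\s+(.*)$", re.IGNORECASE)
PORT_RE = re.compile(r"^(\d+)(?:-(\d+))?(?:/([a-z]+))?$", re.IGNORECASE)
MAX_PORT = 65535  # TCP and UDP port numbers are 16-bit

def join_continuations(text):
    """Yield (line_number, logical_line), merging backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n  # first physical line of this logical line
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf, start = "", None
    if buf:
        yield start, buf

def out_of_range_ports(dockerfile_text):
    """Return a list of (line_number, token) for EXPOSE ports > 65535."""
    findings = []
    for lineno, line in join_continuations(dockerfile_text):
        m = EXPOSE_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            pm = PORT_RE.match(token)
            if pm is None:
                continue  # e.g. $PORT: value unknown until build time
            bounds = [int(p) for p in pm.group(1, 2) if p is not None]
            if any(p > MAX_PORT for p in bounds):
                findings.append((lineno, token))
    return findings

# Constructed sample input based on the examples above.
SAMPLE = """FROM alpine:3.3
EXPOSE 65536/tcp 80 443 22
EXPOSE 8000-70000/udp $PORT \\
       99999
CMD [ "nginx", "-g", "daemon off;" ]
"""

if __name__ == "__main__":
    for lineno, token in out_of_range_ports(SAMPLE):
        print(f"line {lineno}: exposed port {token} out of range")
```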