Security Advisory

CVE-2015-3224

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-07-26 22:00:00

Last updated 2024-08-06 05:39:32

Assigner redhat

State PUBLISHED

Description

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a clients IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.

← Browse all CVEs View on cve.org ↗