Description
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| cakephp | fixed | 2.8.3-1 | | package |
| cakephp | no-dsa | | jessie | package |
Notes
http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
Fixed by https://github.com/cakephp/cakephp/commit/48af49ddde16c8b99edb701f1c31283455b2b0b6
Related vulnerabilities
CVSS3: 7.5
ubuntu
about 9 years ago
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
CVSS3: 7.5
nvd
about 9 years ago
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
CVSS3: 7.5
github
more than 3 years ago
CakePHP allows remote attackers to spoof their IP