Описание
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...
EPSS
7.5 High
CVSS3